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Number of silos in which your customer data resides. 
Coincidentally, also the number of totally different 
definitions you have for “customer.” 


definition — 
Embarcadero solutions help manage data enterprise 
wide, enabling you to build and communicate an 
architecture of your data assets so-you always 
know what is what, and where it is. With just one, 
everything gets simpler. You and your business are 
empowered to use and reuse reliable, relevant and 
timely data across a range of platforms and storage 
formats. Understanding your data is finally possible, 
and getting a hold of the metadata is the key. 
Standards can be defined and enforced, Data redun- 
dancy is eliminated. Enterprise Data Management 
becomes achievable. It’s no coincidence that the 
most sophisticated solution is also the simplest. 


See how one gets it done. 


Call 415.834.3131 or visit www.embarcadero.com 
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The Smart Guide to Building World-Class Applications 
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from change management to scheduling overtime. 
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Edilorial 


Ins you, like many people, were mysti- 
fied by the recent announcement of 
SQL Server 2005 Compact Edition Release 
Candidate 1 (RC1), it might help to know 
that SQL Server 2005 Compact Edition is 
essentially SQL Server Everywhere Edition 
renamed. In fact, this SQL Server Compact 
Edition naming thing gets rather compli- 
cated because SQL Server 2000 Windows 
CE Edition (SQL Server CE), SQL Server 
2005 Mobile Edition, SQL Server 2005 
Everywhere Edition, and SQL Server 2005 
Compact Edition are all essentially the same 
product. The confusing array of names has 
made it difficult to keep up with what the 
product is all about. The last iteration of this 
product, SQL Server 2005 Everywhere Edi- 
tion, was the most confusing of all because 
of its names similarity to Sybase’ SQL 
Anywhere mobile database application. ISVs 
and other partners understandably found the 
SQL Server Everywhere and SQL Anywhere 
names too similar, so Microsoft renamed its 
lightweight database SQL Server 2005 Com- 
pact Edition. 

SQL Server 2005 Compact Edition’s 
true nature is a single-user database appli- 
cation. However, its SQL Server CE and 
SQL Server 2005 Mobile Edition heritage 
can lead people to think that the Compact 
Edition is limited to mobile devices. That's 
not the case. The RC1 release can run on 
mobile devices and the usual Windows 
platform. It’s also important to understand 
that the new edition is entirely different 
from SQL Server 2005 Express Edition. 
SQL Server 2005 Compact Edition is a 
single-user database that runs as an applica- 
tion and uses a stripped-down version of 
the SQL Server database engine as its core. 
For device compatibility, the product uses 
a small 5MB memory footprint, and it can 
support databases up to 4GB. In contrast, 
the SQL Server 2005 Express Edition is a 
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multi-user database that uses a SQL Server 
engine database core and runs as a service. 
So after all of the name changes, you 
might wonder whether the SQL Server 
2005 Compact Edition is a new edition 
in name only. But the new name was only 
one change in the new edition; Microsoft 
also added a variety of new functions. For 
example, the platform supports Windows 
2000, adding to the Windows Mobile and 
Windows XP support in the preceding SQL 
Server 2005 Everywhere Edition. Micro- 
soft also made a number of other minor 
enhancements to the product, including 
desktop performance enhancements, Win- 
dows Vista support, DataDirectory support 
for the SqlCeConnection object, integration 
with Visual Studio, and support for SQL 
Server Compact Edition in SQL Server 
Management Studio in the upcoming 
release of SQL Server 2005 Service Pack 
2 (SP2). Like it’s predecessor, SQL Server 
2005 Everywhere Edition, the Compact 
Edition is localized in 20 different languages. 
Notably, it still doesn’t support stored proce- 
dures. SQL Server 2005 Compact Edition is 
a free download that you can get at http:// 


www.microsoft.com/downloads/details 


.aspx?Familyld=85EOC3CE-3FA1-453A- 


8CE9-AF6CA20946C3&displaylang=en. 
SQL Server 2005 Compact Edition should 


mark the end of the naming merry-go- 
round for this mobile- and desktop-oriented 
member of the SQL Server product family. 
At least we can all hope this is the case. For 
more information about the SQL Server 2005 
Compact Edition, see the products home page 
at http://www.microsoft.com/sql/editions/ 

compact/default.mspx. SOL 
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No one understands your need for database performance and availability better than Dell" and Microsoft?. Microsoft 
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brains behind a number of our key customer-facing applications. This powerful combination helped to improve our 
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performance 1.4-times over the previous platform. 


To help you experience the greatest potential of your database environment, Dell offers a complete SQL Server 
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PTO for the Rest of Us 


A new slant on performance tuning 


ong-time readers of my "SQL Server 

Savvy” magazine column and my weekly 
“SQL Server Perspectives” email newsletter 
column know that I’ve always had a soft spot 
for performance-tuning, In fact, in one way or 
another, most of my professional-services career 
has focused on SQL Server performance- 
tuning. For that reason, the subject seemed like 
an obvious choice when the publishers of SQL 
Server Magazine and I began brainstorming new 
columns ideas that would be interesting to our 
readers. However, I didn’t want to write a per- 
formance-tuning column full of material that 
you could find all over the Internet. I wanted to 
offer you something uniquely valuable. 


Performance Paradox 

Recently, a meeting of contributing SQL 
Server Magazine editors sparked a fascinating 
debate. Several authors bemoaned the fact 
that SQL Server administrators regularly 
make simple, avoidable, and expensive per- 
formance-tuning errors: Seemingly, the 
ease with which you can find advanced 
performance-tuning information on the 
Internet over the past decade hasn't neces- 
sarily coincided with a reduction in the 
number of errors that can lead to serious 
performance problems. In the meeting, 
we discussed factors that might be causing 
this paradox, and I'll be addressing many of 
these potential causes in this space. But in 
general, we realized there was a problem 
with fundamentals. 

Finding advanced performance-tuning 
information on the Web is simple—but 
how do you use it? As I write this column, 
typing "coronary surgery instructions" in 


Www.salmag.com 


Google returns nearly 2 million hits. Some 
of the material seems quite advanced and 
complete. As faithful readers of my col- 
umns, you would—if you required such 
surgery—allow me to peruse some of these 
articles, then crack open your chests, right? 
I'm not suggesting that SOL Server perfor- 
mance-tuning requires the same amount of 
training necessary to become a heart sur- 
geon. However, I will say that performance- 
tuning is often more difficult than we want 
to admit, and that the result of attempting 
advanced "performance-tuning surgery"— 
if the work is performed by a person who 
doesn’t possess adequate skills—can lead to 
a DOA server or application. 

How about a sports analogy? The maxim 
“Keep your eye on the ball” is drummed 
into the head of every ball player—regardless 
of sport—from the earliest days of coaching. 
It’s a fundamental skill. However, it’s easy to 
forget. Have you ever watched your favorite 
athlete make a simple, fundamental mistake? 
In sports and in performance-tuning, it’s 
sometimes easy to take foundational, funda- 
mental skills for granted. 


Performance Primer 
Common wisdom seems to be that funda- 
mentals are old-fashioned and that they're 
just not exciting to write or read about. 
Perhaps you, as readers, don't think you need 
to revisit fundamentals because you think 
you'll never “take your eye off the ball"? 
That’s where this column comes in. PTO 
Foundations offers a new slant on perfor- 
mance-tuning essentials. And just because 
the column is called PTO Foundations 
doesnt mean that TIl simply be rehashing 
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PTO Foundations 


Performance Tuning 101 basics that all but 
the newest of newbies can recite by heart. 
Think of this column’s focus in terms of 
synonyms for foundation and _fundamental— 
underpinning, essential, vital. 

This column’s core audience will be 
“regular” people who need to solve perfor- 
mance problems—or avoid them—without 
first becoming (or calling in) a performance- 
tuning expert. Whatever the skill level, 
the column will address concepts that are 
fundamental to success in the performance- 
tuning world. Pl do my best to remember 
that my core audience consists of database 
professionals who probably arent experts. 
Hopefully, you’ll always find this column’s 
information to be approachable, consum- 
able, and actionable. 

Don’t get me wrong—I’m a performance- 
tuning expert. (At least, that’s what I tell my 
customers.) I hope there will always be a need 
for advanced, specialized performance-tuning 
skills. However, would it surprise you to 
know that I ultimately trace well over half of 
the problems I encounter to relatively simple 
causes? In most cases, the customer has simply 
taken his or her eye off the ball. 


Watch the Forums! 


I'm planning to keep PTO Foundations to 
one page each month. Alas, one page just isn't 
enough to cover all the foundational topics 
that I'll want to explore with you. Therefore, 
Pll be regularly blogging and posting in 
SQL Server Magazine performance-tuning 
forums. Be sure to visit http://sqlforums 
-windowsitpro.com for updates. Lets keep 


our eye on the ball and explore the funda- 


mentals that will lead to success in the world 
of SQL Server performance-tuning. HM 
InstantDoc ID 94248 
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i i your One-Stop-Shop 
for SQL Server 
Developer Tools 
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ApexSQL Studio 2005 


the essential toolkit for SQL Server 
Developers and Administrators 
ApexSQL Studio 2005 offers a powerful suite of tools that include: 


v/ SQL Server 2005 support 
v/ Command Line Interfaces are standard 
v/ State of the Art Customizable Interfaces 


v/ Superior Products vs Competitive Equivalents 


Included in ApexSQL Studio 2005: 


ApexSQL Diff Database comparison and synchronization 


ApexSQL Edit Full Featured Editor/IDE for SQL Server 


rmi 
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ApexSQL Log SQL Server Auditing and Recovery 


tdv am it 


INRI 
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ApexSQL Doc Audit data and Database documentation | = 


ur 


ApexSQL Audit Active data auditing and reporting 
ApexSQL Script Data and object scripting ApexSQL Diff 2005 
ApexSQL Clean Risk free delete and dependency analysis 


ApexSQL Report Data Driven web-based Reporting 


Competitive Upgrades of up to 60% available! For more information ApexSQL Edit 2005 
or to download a free trial version 
contact: 


ET ApexSQL www.apexsql.com 
th. 


software | or phone 866-665-5500 


www.sqimag.com 


Editor's Note: Post your feedback and tool 
recommendations on the Tool Time forum at 
http://sqlforums.windowsitpro.com/web/forum. 


Lockdown.sai 


Plug SQL Server 2000 holes 
from the start by setting a secure 
baseline configuration 


o L Server enthusiast and security architect Chip Andrews was frustrated by the 
Q need to repeatedly button up the security holes he found at client installa- 
tions. Because Enterprise Manager can be cumbersome for modifying the configuration 
of multiple servers—and Chip typically worked with large numbers of servers—he 
wanted to ensure a fast, effective way to reduce the security risks of a straight SQL 
Server 2000 installation. Chips Web site (http://www.sqlsecurity.com) hosts a variety of 
free SQL Server security utilities and links to other recommended Windows security 
utilities. But the most useful utility on the site isn’t an executable; it’s the simple, tiny 
Lockdown.sql T-SQL script. 


Functionality 

Lockdown.sql configures a SQL Server 2000 instance to the most secure baseline 
configuration possible. From this point, the DBA can simply enable the functionality 
needed for that instance. When using this script,a DBA’s security mindset requires the 
application of a bit of reverse psychology. The average DBA is used to locking down 
security holes as they emerge. In contrast, Lockdown.sql secures all vulnerabilities and 
requires you to open up functionality that might not automatically be available because 
it introduces a security risk. 

The latest release of Lockdown.sql supports named instances, doesn't break future 
service pack and hotfix installations, and locks down rarely used functionality but strives 
not to break common application features. You can easily invoke the utility from the 
command prompt for mass distribution. 


What Does Lockdown.sql Secure? 

Although Lockdown.sql is a simple T-SQL script, it changes many default con- 

figuration settings on a SOL Server 2000 instance. When you execute it, the script 

automatically 

* determines whether the SOL Server service account for LocalSystem Author- 
ity is allowed. 

* confirms the latest service packs and hotfixes. 

* enables Windows Authentication as the only login method. 

* sets a strong sa account password consisting of two concatenated unique 
identifiers. 

* enables full logon auditing to monitor successful and failed SQL Server access. 

* disables SQL Server Agent, Microsoft Distributed Transaction Coordinator 
(MSDTC), and MSSEAR CH services. 

* disables ad hoc queries for all data providers in accordance with the “minimal 
surface area” best practice. 
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LOCKDOWN.SQU 


BENEFITS: Configures a SQL Server 2000 
instance to the most secure baseline 
configuration possible. 


SYSTEM REQUIREMENTS: The script 
requires an instance of SQL Server 2000. You 
also need sysadmin privileges on the target 
machine through Windows Authentication to 
run the script. 


COMMENTS: This is one tool that every SQL 
Server 2000 DBA needs. 


HOW TO GET IT: Download the script 
at http://www.sqlsecurity.com/Tools/ 
LockdownScript/tabid/64/Default.aspx. 


* removes the Pubs and Northwind 
sample databases. 

* tightens permissions on many sys- 
tem stored procedures and extended 
stored procedures, including SQL 
Server Agent job system stored pro- 
cedures, Web tasks, table permissions, 
DTS package table permissions, and 
extended stored procedures. 

* revokes permissions of the guest 
account to MSDB. 

* disables remote access. 

* ensures that system tables can't be 
accessed. 

* increases the SQL Server log his- 
tory capacity for better auditing and 
reporting. 

* removes lingering SQL Server setup 
files. 


Some of these lockdown measures might 
at first seem too strong, but the script 
doesn't break most applications. If you 
want to enable any of the features that 
Lockdown.sql disables, you can simply 
add the functionality back by removing or 


Kevin Kline (kevin.kline@quest.com) is the director of 
technology for SQL Server Solutions at Quest Software, president 
of the international Professional Association for SQL Server 
(PASS), and the author of SQL in a Nutshell, 2nd edition (O'Reilly 
Media). 
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Tool Time with Kevin Kline 


commenting out the lines of code that you 
don't want, if your application requires it. 
Note that although some best prac- 
tices documents have encouraged DBAs 
to remove unnecessary extended stored 
procedures, Lockdown.sql doesnt do this. 
Instead, the utility disables extended stored 
procedure permissions that represent a secu- 
rity risk. Chip took this approach for several 
reasons. First, removing extended stored 
procedures can cause problems with service 
packs and hotfixes during installation and 
can cause problems with useful tools such 
as Enterprise Manager. Preventing access 
by non-sysadmin users is more effectively 
and easily achieved by dropping execute 
permissions than by removing extended 
stored procedures. In addition, hackers can 
add back the files of dropped extended 
stored procedures, but they can’t alter per- 
missions when those permissions have been 
explicitly denied. And DBAs can easily add 
privileges back, making it unnecessary to 


NEW EMAIL 


Execuling Lockdown 

sal couldn't be easier 
because il's a simple 
T-SQL script. 


drop extended stored procedures that might 
later be needed for a one-off job. 


How lo Execute the Script-Plus 
Some Cautions 

Executing Lockdown.sql couldnt be easier 
because it’s a simple T-SQL script. I recom- 
mend that you read the entire script, which 
will only take a few minutes, to ensure that 
its not disabling any functions you want 
on your instance of SOL Server 2000. In 
addition, be aware that the script as written 
might cause errors in a case-sensitive instal- 
lation. You might want to standardize the 
case before using the script. To execute the 
script from the command prompt, type: 


with useful database projects and 
tips that illustrate the fundamental. 
of Microsoft's new free 
database offering 


osql -S (servername) -E -i 
Lockdoun.sqL 


Note that the script doesn’t currently sup- 
port SQL Server 2005 because the newest 
version of SOL Server has more robust 
security and automatically disables many 
of the same security vulnerabilities. that 
Lockdown.sql does. However, Chip has said 
he'd like to update his script if user interest 
is strong enough. Chip’s Web site, which 
isnt affiliated with Microsoft, offers other 
free SQL Server security tools and has a 
discussion forum that focuses exclusively 
on SQL Server security. I encourage you to 
drop Chip a note in his discussion forum 
or contact him directly at chip@sqlsecurity 
.com if you'd like to see a new SQL Server 
2005 version of the script. And be sure to 
visit the Tool Time forum online to com- 
ment on this column and post your own 
tool recommendations! SQL 
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Microsoft; 


SOL GE RVE R SQL Server Magazine, 

mpal V HN MSDN Magazine and 

Tech Conferences 
come together to deliver 
the premier SQL Server 
Conference and Expo. 


March 25-28, 2007 


Orlando, Florida » THE FALL 2006 EVENT WITH 

Orlando World Center Marriott OVER 4700 ATTENDEES 
SOLD OUT SO REGISTER 
EARLY TO RESERVE 

YOUR SPOT! 


BONUS: 

REGISTER EARLY for 

SQL Server Connections 
and attend the concurrently 
run conference sessions for FREE! 


CO-LOCATED WITH: 


MICROSOFT 


P.NET 


Pn. cu 
CONNECTION S) A. 


> Train with 
Microsoft architects 
and world-renowned 
developers and DBAs delivering 
150+ in-depth sessions. 


VISUAL CONE 
STUDIO. C.N 


> Keep your competitive edge by staying 
on top of the latest technology and visit 
sessions in the co-located events at no 
extra charge! 


» Attend dynamic Microsoft keynotes and get the 
scoop on the future trends in our industry. 


> Network with industry experts, authors 
and peers at the beautiful Orlando World Center 
Marriott in Florida. 


> Explore the expo hall, pick up cool giveaways, and 
enter the contest to win a Harley-Davidson motorcycle! 
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Register Today! minimum 
www.DevConnections.com 
800-438-6720 * 203-268-3204 


CO-LOCATED WITH: 

> Microsoft ASP.NET Connections, 

> Visual Studio & .NET Connections, and 
> SharePoint Connections 
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| a "nod For the fifth year in a row, we showcase 
* (o X7 ingenious solutions from your peers 
in Ihe SQL Server community 


by Dawn Cyr and Anne Grubb 


IF thàt time again: Since 2003, SQL Server Magazine has invited SQL Server 
S professionals to submit their most creative solutions to technical problems 
to the annual SQL Server Magazine Innovators contest. Our winning entries this 
year—one grand prize, three runners-up, and two honorable mentions—show yet 
again that SOL Server pros are a resourceful, technically adept bunch and emphasize 
the prominent position that development has in the SOL Server pros skill set. The 


solutions, though diverse, highlight SQL Servers value as a tool for providing 
essential business information. 


Grand Prize 
Ermedin “Dino” Selmanovic, BI Solution Architect 
Moore Stephens Consulting, London 


ermedin.selmanovic@moorestephens.com 


Intelligent Install =r —— 
When Ermedin “Dino” Selmanovic and his eight-member development 
team at Moore Stephens Consulting, a UK-based firm specializing in 
developing custom applications for the insurance industry, proposed a busi- 

ness intelligence (BI) solution for a client two years ago, their real challenge 

wasn't choosing the solutions components, as The Challenge was using the 
components together. Microsoft provides a strong set of BI tools for SQL 
Server. Furthermore, says Dino, "We're 100 percent Microsoft, in terms of the 
solutions we provide—which tend to be SQL Server, Microsoft Analysis Ser- 
vices, SQL Server Reporting Services, and the ProClarity suite of products [which 


Want More Detail About the Innovators’ Solutions? 
To see code samples and screenshots from some Innovators’ solutions, go to http://www (Bere 
windowsitpro.com, InstantDoc ID 94156, and click Download the Code. Benet 


InstantDoc ID 94156 
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Microsoft recently acquired] Dino and the 
Moore Stephens team proposed a solution 
that combined all these products to provide 
business and analysis reporting functions for 
the client. “On top of that, we needed to 
somehow integrate Analysis Services cubes, 
Reporting Services, and the ProClarity 
products—ProClarity Desktop Professional, 
ProClarity Analytics Server, and ProClarity 
Dashboard Server—into one portal that 
could be accessed internally as well as by 
the third parties that sell the products that 
the client provides,” says Dino. 

The integration aspect proved to be a 
tricky part of implementing the solution. 
The development team needed to write code 
to integrate the separate pieces of software 
so that each time the developers updated 
the solution—for example, to produce new 
reports or replace certain old views with new 
ones in response to the clients request—all 
the software components could communi- 
cate with each other seamlessly. 

Even more problematic was the installa- 
tion itself. When Dino and his team finally 
had the first version of the solution ready for 
the client to evaluate, Dino realized that the 
manual process of releasing a new version of 
the solution was impractical. “The manual 
release process took five or six of us two to 
three days to put together" Dino explains. 
“The release process required an extremely 
high level of coordination and control and 
had a risk of human error. We couldn't 
afford to jeopardize all the good work wed 
done in the development phase—as well 
as the chents respect for the solution—by 
releasing the software in this way.” 

The team decided to automate the process 
of installing new releases of the BI solution by 
developing an application called bIntelligent 
Installation Manager, which the team wrote 
using Microsoft .NET Framework 2.0 and 
C#. All the objects for the different software 
components that comprise the BI solution 
are stored in the Microsoft Visual SourceSafe 
version-control system. When a new release is 
ready for distribution to the client, the appli- 
cation retrieves the objects from Visual Sourc- 
eSafe and packages them into an installation 
file on a CD-ROM, which also includes 
installation instructions. The Moore Stephens 
team then sends the installation package to the 
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client site, and the client simply configures and 
executes the installation package to deploy the 
release. 

bIntelligent Installation Manager pro- 
vides two key benefits, says Dino. First, “the 
effort required to actually release a version 
of a solution is cut down to half a day for 
one person as opposed to two or three days 
for four to six people.’ But the best part, 
Dino says, is that the bIntelligent Installation 
Manager ensures “the consistency of a valid 
release, because we minimized the human- 
error factor. We prepare the release, package 
it, release it ourselves internally and test it, 
and make any changes, if needed. Once we 
sign off on the release form, it goes out to 
clients, so we know that whatever we pass 
on to the client is valid.” 

These benefits were especially notable 
in the solution’s early versions, when Dino’s 
team needed to release weekly updates in 
response to the clients numerous change 
requests. “For the first three or four months, 
it was a volatile change-management envi- 
ronment,” says Dino. “At the time, we had 
something like 150 to 200 different reports 
and views, and every week the client was 
changing the existing reports, adding new 
reports, or removing some of the reports 
that they decided they didn't need? Over 
time, the client settled on a stable set of 
requirements for the BI reporting it needed 
from the solution, and the number of 
releases has decreased drastically. 

Dino says that Moore Stephens is cur- 
rently upgrading the bIntelligent Installation 
Manager solution to enable it to take data 
from various insurance-industry sectors 
and provide a standard set of analytical and 
reporting views. ^We actually sent out the 
first version of the [updated] Installation 
Manager a few weeks ago to a customer in 
Oklahoma,” says Dino. The latest version of 
the installation solution is also customizable. 
“Ifa client, say, needs only cubes and not the 
Reporting Services options, we can disable 
Reporting Services and just package the 
cubes,” says Dino. “The solution we deliv- 
ered was designed, developed, and delivered 
successfully thanks to a great team effort. 
The main driver was a determination to 
produce something that will be reusable and 
that benefits our customers.” 
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Runner-Up 
Michael Metcalf, Database 
Administration Team Manager 
Wilmington Trust, 
Wilmington, Delaware 
madmikeGmmelcalf.com 


Self-Service 

Development Tesling 

For Mike Metcalf, database administration 
team manager for a Delaware financial ser- 
vices company, keeping his databases secure 
and available is the highest priority. Mike 
and his four-DBA team manage more than 
60 servers (including 45 production servers) 
running more than 270 SQL Server, Oracle, 
and IBM DB2 databases. Because of the 
sensitive nature of the data his company 
works with, his team doesn’t allow devel- 
opers who work for the organization to run 
SQL Server jobs in any of the organization’s 
database environments—not even on devel- 
opment servers. This policy lets Mike and 
his team keep a tight rein on data access, but 
it can be frustrating for developers, especially 
when they need to run SQL Server jobs to 
test the applications they're writing. 

Mike explains that about half of the 
applications that his company uses are devel- 
oped in house, so developers are constantly 
writing scripts and stored procedures that 
they need to test. “When the developers 
needed to run ad hoc jobs, they had to go 
through one of the DBAs. My team and I 
weren't always at their beck and call to run 
a job, which sometimes led to frustration for 
the developers, plus time wasted waiting and 
frequent demands for elevated rights.” 

To solve the problem, Mike created 
the dbaSelfService database, which contains 
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permitted users, the validated jobs (with ID 
numbers) that they're allowed to run, and 
stored procedures to make it work. When a 
developer wants to run a job, he logs in to 
the database and executes a stored procedure 
against Query Analyzer to see a list of the jobs 
that he’s allowed to run. The stored procedure 
matches the logged-in user’s ID to its list of 
allowable IDs, then matches the user’s ID to 
the list of jobs that user is allowed to run. 
When the developer chooses to run 


Last Rites for a Beloved Server 


Humor is a hallmark of a creative mind, and 
SQL Server Magazine Innovator Award runner- 
up Michael Metcalf has discovered value 

in using humor in his work. When Mike was 
learning about SQL Server 2005 in preparation 
for migration, he realized that the new release 
was lacking one important feature: SQL Server 
Funeral Services (SSFS). As Mike explains, 

“All hard-core techies | know have an almost 
personal relationship with certain servers, 
especially ones they first cut their teeth on. 
This is a way to say goodbye to that now- 
ancient server.” 


Mike says that SSFS consists of a database, 
a few tables and procedures, db_ Mail, 
SQL Server Reporting Services, 1 percent 
inspiration, and 99 percent perspiration. “To 
kick off a funeral, | send an email to users 
who used the server most, supplying them 
with a procedure to run against the database. 
They run the procedure, including parameters 
such as the name of the server they're paying 
respects to, a message to go in a guest 
book, and donation of CPU cycles to help less 
fortunate servers.” The procedure returns a 
brief eulogy, a 21-query salute, and an email 
message thanking them, plus a link to a Guest 
Book delivered in Reporting Services. 


Mike admits he initially conceived the SSFS 
database as a fun diversion, but says he 
learned some cool new features of SQL Server 
2005 by doing the project. Plus, he says, it’s 
great to “bring levity to the workplace when 
people are bogged down, stressed, or otherwise 
sucked too far into the grind, but without 
causing anyone harm or laughing at anyone's 
expense." 


InstantDoc ID 94157 
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a job, the job name is put into a holding 
queue table. An sa-owned job runs every 
minute and queries the holding queue table 
for any waiting Jobs. If the sa job finds any 
entries, it runs them. The user who executed 
the job gets an email notification when the 
job starts. The user can also see job informa- 
tion thats written to a log table. 

Because Mike created the tool strictly for 
use by his team, he trained developers to use 
it over time. When a developer would bring 
a job to Mikes team to run, the DBA would 
show the developer the new tool and walk 
him through using it. The response from 
developers has been positive—so much so, 
that a couple of months ago, the team started 
using it for a production application. Mike 
explains, “One of our Web apps needed to 
be able to kick off a stored procedure that 
performs a user-initiated data load. The self- 
service database gave us the functionality to 


automate the data load.” 

One of the keys to the solution’s success, 
says Mike, is its built-in security. “All our 
developers have to log in with Windows 
credentials, so people can log in and get 
access to run their own jobs but not anyone 
else’s jobs. To keep everyone honest, we also 
have an audit table to keep track of what 
jobs each person executes and to show that 
the jobs actually get executed.” 

Mike enjoys his work and appreciates his 
team members, so he’s glad he could create a 
solution that makes their jobs easier. “I don’t 
necessarily consider myself a guru about all 
aspects of SQL Server, but I’m pretty handy. I 
try to solve things first and figure out what I 
need before I go looking for it. Occasionally I 
get lucky and find a better way to do whatever 
I'm trying to do? (For more about the cre- 
ativity that makes Mike an innovator, see the 
sidebar "Last Rites for a Beloved Server") 


Runner-U 
Matt Mitchell, Network Analyst 
Alpena Regional Medical 
Center, Alpena, Michigan 
mjmitchell@aqgh.org 


Taming the Scheduling Monster 

Matt Mitchell describes himself as “network 
analyst by trade, and a DB developer by 
hobby" But Matt’s enthusiasm for database 
programming has trickled down into his IT 
job with Alpena Regional Medical Center, 
where, he says, “for me every project uses 
a database because I love creating solutions 
with databases" Matt, who has previous 
experience developing Web-based database 
solutions, jumped in to tackle the challenge 


SQL Server Magazine 


of computerizing a paper-based system 
of scheduling logs that nurses and staffing 
employees at the medical center used for 
bidding on overtime shifts. 

Until fairly recently, multiple copies of 
paper vacancy logs (lists of shifts that needed 
to be filled) were circulated around the 
nursing units. Nurses signed up for vacan- 
cies, and the completed logs went to the 
staffing office where staffing employees had 
to reconcile the various logs, then award 
overtime based on a complex set of labor- 
union rules. Matt sought to develop a system 
that made the bidding process fairer to the 
nurses by letting them access vacancy infor- 
mation from a central Web site and made 
it easier for staffing employees to fairly and 
accurately award the vacancies. 

Matt’s solution consists of an ASPNET 
Web application front end containing sepa- 
rate areas for the nurses and staffing personnel, 
a SQL Server 2000 database that contains 
vacancy information and the status of bids 
(awarded or not), and a sunple reporting 
capability. "The ASPNET Web application 
accesses SQL Server with ADO.NET using 
the System.Data.SqlChent namespace,’ Matt 
explains. A short subprocedure in the Web 
application establishes a connection to the 
SQL Server database that contains the 
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vacancy information and stores the con- 
nection as a SqlConnection object. Then a 
procedure creates a SqlDataAdapter object 
that uses one of the stored procedures or 
views included in the database as its SELECT 
statement. Finally, code in the application uses 
the SQIDataAdapter object to fill a DataSet 
object. "Since Pm not a full-time pro- 
grammer, the nice thing about ADO.NET 
is that I dont need to know a lot about the 
intricate details of accessing data from a SQL 
Server database. All I need to do is establish 
the connection, create a data adapter, and fill 
my dataset by using the data adapter. ADO 
.NET handles the rest,” says Matt. 

The main Web page, which the nurses 
view, has a drop-down list for selecting the 
unit(s) to check for vacancies. Nurses log in to 
the NursingVacancy Log by using their Active 
Directory (AD) account information, then 
simply click a button to bid for a vacancy, and 
the system records the date and time of their 
bid. When staffing employees log in, they see 
a screen for setting up the schedules that will 
have vacancies available to the nurses, entering 
the vacancies, and approving the bids. 

Interestingly, Matt first used Microsoft 
Access for the database, then switched to 
SQL Server.“ When I begin implementing a 
SQL Server database design, I always start by 
creating an Access Project file and selecting 
the Project (New Data) option. Access is a 
nice tool for creating tables, establishing rela- 
tionships, and creating the database diagram, 
and the familiarity of this program makes it 
easy for me to get started,” he says. 

The third part of the solution, a reporting 
capability, was already available. “On our 
intranet server, we run SSW Access Reporter 
.NET for IIS, software that lets us serve 
up Access reports in PDF format to our 
intranet Web applications" The Nursing 
Vacancy Log has only one report—a bid 
approval report. Matt designed the report in 
Access, then added an ASP.NET page that 
invokes the Access report. 

Although Matt’s system hasn’t gone live 
yet (its release was delayed because of a job 
change in the staffing office), Matt received 
positive feedback from the staffing coordi- 
nator about his solution, and nursing staff 
have all trained and completed a practice 
exercise using the system. Even so, the bene- 


fits are evident. “The time spent reconciling 
vacancy logs and awarding bids becomes 
negligible, and nurses no longer have to 
hunt down a vacancy log or leave the unit 
to visit the staffing office,” says Matt. 


Runner-Up 
Ayad Shammoul, 
Lead Technical DBA 
CareGroup Healthcare System, 
Boston 


ashammou@careqroup.harvard.edu 


Comprehensive Server 
Monitoring 
Although hes a DBA, 18-year IT veteran 
Ayad Shammout has an all-inclusive perspec- 
tive on Windows technology.“ don’t want to 
isolate myself only on the SQL Server data- 
base, because I know that SQL Server relies 
on Windows, Windows relies on networking, 
and so on. I've forced myself to understand 
other technologies, background processes, and 
dependencies, so if I encounter a problem, I 
can easily isolate or diagnose it,” says Ayad. 
Ayad’s big-picture approach to technical 
problem-solving served him well in devel- 
oping a solution that reports a plethora of 
system metrics. IT staff at CareGroup use 
such information to gauge the health of 
SOL Server 2005, SOL Server 2000, and 
Windows servers across the organization as 
well as for capacity planning and auditing. 
Initially, Ayad developed his system to 
monitor the status of CareGroups approxi- 
mately 400 SOL Server databases and 30 
SQL Server instances. “I want to go to one 
place and access specific information about 
all my databases, rather than logging on to 
individual servers,” Ayad says. To obtain such 
data, IT used to retrieve data from SQL 
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Server system objects, such as database data 
and log-file sizes on all SQL Server instances, 
then output that data into a Microsoft Excel 
spreadsheet. “It took IT a long time to [create 
the spreadsheet report], and if in a month or 
two, we needed to get an update, we had to 
do that work all over again.” 

Ayad began building his centralized 
reporting system by creating a master reposi- 
tory database on a SQL Server instance. The 
repository would store data about every 
SQL Server instance, database, object, and 
user in CareGroups environment. Ayad 
created a linked server connection to all the 
SQL Server instances so that the stored pro- 
cedures could pull data from them and put it 
in the repository database. Then he extended 
the system to collect Windows system 
information from all Windows servers via 
Windows Management Instrumentation 
(WMI) and Microsoft Systems Management 
Server (SMS). The data-collection jobs run 
nightly or weekly on the servers, depending 
on which data they're gathering. 

After data is in the repository, IT can use 
Reporting Services to view the data. “We 
can get a complete overview of a specific 
user,’ says Ayad. “For example, you can look 
up one user, and from that user drill down 
and see that the user has access to this par- 
ticular server and database, has read-only 
permissions to one table, and has read-write 
permissions to another table.” 

IT has come to depend so heavily on Ayad’s 
server-reporting system that hes moving the 
database to a cluster server to ensure that its 
available 24 X 7, even during planned outages 
for maintenance. Ayad says that CareGroup’s 
IT has investigated third-party tools that per- 
form similar system-reporting functions but 
found none as complete as his. For example, 
“a tool might report all the server properties 
but doesn’t work as comprehensively with the 
SQL Server databases. So we might end up 
running different [third-party tools] to get all 
this collected information. My solution saves 
money and the hassle of working with dif- 
ferent tools. We own it and control it, so we can 
keep developing and adding.” In fact, Ayad is 
currently customizing the solution to collect 
data from Oracle databases on CareGroups 
UNIX servers and network data from Win- 
dows servers and network switches. 
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Honorable Mention 
Edward Bond, Database 
Analyst 
Baylor Health Care System, 
Dallas 


edwardb@baulorhealth.edu 


Automated Medical Coding 

After developing an automated procedure- 
coding system for Baylor Health Care 
System, veteran DBA Ed Bond probably 
knows more than many healthcare profes- 
sionals about invasive-cardiac— and periph- 
eral-vascular-procedure codes. Traditionally, 
medical coders manually derive the correct 
codes for more than 300 distinct cardiac 
procedures from documentation entered 
in a patients chart. Missing information 
often prevents coders from entering the 
correct codes. The hospital asked Ed to 
assess whether automating the coding and 
enhancing electronic charting could elimi- 
nate such errors. 

Ed first researched charge coding, 
which took several months, then developed 
algorithm specifications for all the codes 
and wrote the application. Data entered 
into a patient’s chart via the hospital’s 
computerized system is sent to the server 
via FTP. ParserQC, the Visual Basic (VB) 
utility that Ed wrote, monitors the FTP 
folder on the server and retrieves data as it 
appears. ParserQC parses the information 
necessary to derive codes from the charted 
notes and temporarily stores the data in 
a Microsoft Access database. The utility 
checks for required information, derives 
the charge codes from information stored 
in a SQL Server database, produces the 
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patient reports for the medical record, and 
stores the derived data in the SQL Server 
database. 

After using the new system for more 
than 18 months, Baylor Health Care System 
has greatly improved the accuracy of com- 
plex cardiac procedure coding. Doctors like 
the system because they no longer need to 
dictate procedure reports; ParserQC derives 


reports from the charted information. Lab 
staff spend less time manually deriving 
charge information and have less paperwork 
to process. “The system has decreased costs 
associated with charge coding, increased rev- 
enue [by reducing the number of rejected 
insurance claims] and accuracy of patient 
billing, and enabled clinical staff to spend 
more time on patient care,” says Ed. 


Honorable Mention 
David Stoltz, Information 
Management Programming 
Manager 
Sacred Heart Hospital, 
Allentown, Pennsylvania 


dstoltz@shh.org 


Sacred Heart Gets a Pacemaker 

For several years, Sacred Heart Hospital in 
Allentown, Pennsylvania, had been having 
trouble with “bed flow,’ the process of 
admitting patients, transferring them within 
the hospital, and eventually discharging 
them.The process used was intensely manual, 
involving many phone calls between nursing 
staff and administrators looking for avail- 
able rooms and beds. Bottlenecks in the 
process plagued the system further; if you 
couldn’t find the person who could answer 
your question, you were stuck. To solve the 
problem, the hospital asked David Stoltz to 
design a solution that the entire staff could 
access easily. 

David explains, “We wanted to design a 
visual solution—a ‘bed board'—that people 
could access through a Web-based applica- 
tion. Although all the patient information 
we needed was already in our IBM AS/400, 
querying that system was far too slow.’ 

To speed queries, David team used SQL 
Server 2000 along with Microsoft Internet 
Information Services (IIS) 6.0 Web server 
and ASP technology to design an interme- 
diary database for processing the necessary 
data. David created a DTS package, stored 
procedures, and tables to store the patient, 
room, and bed information in a SQL Server 
database. The DTS package connects to the 
AS/400, creates a transaction, then queries 
all the needed bed data and stores it in the 
database. This process runs once a minute, so 
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the Web application is always current. 

The SQL Server database ended up at just 
3.63MB. The front-end Web page queries 
SQL Server instead of the AS/400, pro- 
cessing more than 60 stored procedures and 
code in less than one second—a dramatic 
improvement over direct queries to the 
AS/400, each of which took 45—50 seconds. 
This improvement means the new Web- 
based, visual front end gives hospital staff a 
bird’s-eye view of the entire hospitals bed 
status, so nursing units can communicate 
with the admissions department—and vice 
versa—through the application. 

The solution has been a great improve- 
ment for the hospital, says David. “Beds are 
cleaned faster, admissions can admit patients 
faster, it has improved unit communication 
and process flow, and there’s better account- 
ability among the staff" You can see a sample 
screen from the application at http://www 
.shh.org/1mages/bbs ss.jpg. SQL 
o InstantDoc ID 94156 


Dawn Cur (dcyr@sqlmag.com) is a senior editor for 
Windows IT Pro and SQL Server Magazine. 


Anne Grubb (agrubb@windowsitpro.com) is a senior 
editor for Windows IT Pro, SOL Server Magazine, and Exchange & 
Outlook Pro VIP. 
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by Dan Sawyer 


| your database secure? Hardly a week passes without the 
S announcement of some new SQL vulnerability. What’s a 
SQL Server DBA to do? 

Fortunately, you can take actions that will greatly lessen your 
risks. Many SQL attacks can be prevented (or at least mitigated) 
by simply verifying up front that your databases and servers are 
properly secured. Are all listening ports correctly configured? 
Have you disabled all unnecessary network libraries? Did you 
remember to delete those old SQL Server setup files? The list 
goes on. 

I admit, it takes time to secure every last checkpoint and stay 
ahead of the bad guys. New security vulnerabilities are constantly 
appearing, which means adding new checks and frequent moni- 
toring to stay safe. 

Wouldnt it be great if you could somehow automate all these 
time-consuming auditing chores? Well, now you can if you apply 
the easy-to-use techniques described in this article and customize 
the included code for your situation. 


Start with a Checklist 

In “Build Your Own Automated Security Systems,’ June 2006, 
InstantDoc ID 50027, I show how to test a database configuration 
for security vulnerabilities. You start with a list of security policies 
and inspect your DBMS for potential policy violations, design 
vulnerabilities, and other security soft spots a hacker can exploit. 


Feature 


ecurity 


The June article presents a table that lists a number of secu- 
rity settings you might want to audit. You'll also find these set- 
tings—and more—in the SQL Server 2000 SP3 Security Features 
and Best Practices: Security Best Practices Checklist at http:// 


www.microsoft.com/technet/prodtechnol/sql/2000/maintain/ 


sp3sec04.mspx. 
You'll want to tailor your testing to those checkpoints with 


the highest priority in your area of responsibility. The security 
checklist helps in this tailoring process by categorizing its 
checkpoints. 

If your job is installing databases, you'll probably want to focus 
on those security requirements in the preinstallation, installation, 
and post-installation categories in the administrator section of 


the checklist. If youre an application WEB 

developer, you'll naturally gravitate to Been WEB. 
: Download the listings at 

development requirements such as data InstantDoc ID 94185 


encryption and database roles. 

Whatever the vulnerabilities you focus on, you'll want your 
security audits to be repeatable and easily updatable. After all, 
what good is a security test if it’s run only once or fails to keep 
up with new attack strategies? Automation is the key to timely 
and repeatable security auditing. 


Automate the Checks 


My June article shows the beginnings of a stored procedure, 
upCheckSecurityConfiguration, that can be built upon to automate 
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Audit Automation 


LISTING | Portion of 
upCheck-SecurityConfiguration 


CREATE PROCEDURE 
upCheckSecurityConfiguration 

AS 

SET NOCOUNT ON 


DECLARE a@TestResult char(10) 
DECLARE @ActualSetting varchar(12) 
-- 1: IS SQL Server Service Acct 
-- "LocalSystem"? If so, FAIL 
DECLARE @ServiceAccount nvarchar(200) 
-- Get Actual Setting 
EXEC master..xp_regread 
"HKEY_LOCAL_MACHINE', 
"SYSTEM\CurrentControlSet\Services\ 
MSSQLSERVER', 

'ObjectName', @ServiceAccount OUTPUT 
-- Evaluate Test Result 
IF @ServiceAccount = 'LocalSystem' 


SET gTestResult = 'FAIL' 
ELSE 
SET aTestResult = 'PASS' 
-- Log Test 
EXEC upInsertTestCase 
aaConfigItem = 'ServiceAccount', 
aaExpectedSetting = 'NT_ACCOUNT', 
aaTestResult = gTestResult, 
aadActualSetting = aServiceAccount 
-- 2: Latest service pack? If not, FAIL 


DECLARE @ProductVersion varchar (64) 
-- Get Actual Setting 

SELECT @ProductVersion = 

cast (SERVERPROPERTY('ProductVersion') 
as varchar(64)) 

-- [ set your version here J] 


IF @ProductVersion >= '8.00' 
SET aTestResult = 'PASS' 
ELSE 
SET aTestResult = 'FAIL' 


EXEC upInsertTestCase 
aAConfigItem = 'Version#', 
aaExpectedSetting = '8.00', 
aaTestResult = gTestResult, 
aaActualSetting = @ProductVersion 


-- 3: Is Windows Authentication 
-- (DWORD = 1) only Login method? 
DECLARE àLoginMode int 
EXECUTE master..xp regread 
N'HKEY. LOCAL, MACHINE', 
N'Software\Microsoft\MSSQLServer\ 
MSSQLServer', 
N'LoginMode',@LoginMode OUTPUT 
IF a@LoginMode = 1 
SET gTestResult = 'PASS' 
ELSE 
SET gTestResult = 
EXEC upInsertTestCase 
aaConfigItem = 'LoginMode', 
aaExpectedSetting = 1, 
aaTestResult = gTestResult, 
aaActualSetting = aLoginMode 


RANT le 


your security checks and log any problems 
you find. The code at callout A in Listing 1 
shows how upCheckSecurityConfiguration 
checks whether the SQL Server account is 
using LocalSystem authority. The Microsoft 
security checklist recommends a separate Win- 
dows account for each SQL Server service. 
So upCheckSecurityConfiguration flags a 
security violation when it finds a LocalSystem 
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value in the HKEY LOCAL MACHINES 
SYSTEM CurrentControlSetNServicesN 
MSSQLSERVER registry subkey. 

To log this test result, upCheckSecuri- 
tyConfiguration calls another procedure, 
up_InsertTestCase, which Web Listing 1 
(http://www.sqlmag.com, InstantDoc ID 
94185) shows. up_InsertTestCase inserts 
the result into table tabConfigSettings (Web 
Listing 2). The final piece of the test-and- 
report framework is a trigger on tabConfig- 
Settings. trgLogBug (Web Listing 3) checks 
whether a security violation was found. If it 
was, trgLogBug inserts a problem report into 
tabBugR eports (Web Listing 4). 


Extend 
upCheckSecurityConfiguration 
One neat feature of upCheckSecurityCon- 
figuration is that you can add test cases for 
any number of configuration settings you 
want to check. Once you have a test suite 
that meets your needs, you can fold the 
corresponding test cases into upCheckSe- 
curity Configuration. From there, you're free 
to run—and update—your entire test suite 
whenever you want. 

Say you'd like to audit your configuration 
at the beginning and close of every business 
day. Or maybe launch your audit procedure 
whenever some suspicious event—such as 
an illegal login attempt—occurs. Simply fold 
the desired security checks into upCheckSe- 
curityConfiguration and then create a SQL 
Agent job (or alert) that fires when you need 
it. In fact, while youre at it, why not create 
a separate procedure for each security audit 
you want to run—each custom designed to 
the specific security checks you need? 

Whichever strategy you choose, you'll 
need to adapt upCheckSecurityConfigura- 
tion to fit your specific needs. To demon- 
strate how you might do that, I've extended 
upCheckSecurityConfiguration to include 
15 commonly audited security settings from 
the Microsoft security checklist. Listing 1 
shows the first three upCheckSecurity- 
Configuration checks. You can download 
the complete upCheckSecurityConfigura- 
tion procedure and the other code in this 
article by going to http://www.sqlmag.com, 
entering 94185 in the InstantDoc ID text 
box, and clicking the 94185.zip link. 
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The nice thing about upCheckSecurity- 
Configuration is that all your tests are cen- 
trally located. Need to modify one of your 
checks or add a new security test? Just edit 
upCheckSecurityConfiguration, recompile, 
and away you go. It doesn’t get much easier 
than that. 

If you don’t already have a test database, 
I suggest you create one to host upCheck- 
SecurityConfiguration and its support tables 
along with trgLogBug. You'll also want to 
consider who should be given access to 
these resources and set access privileges 
accordingly. 


Audit Smartly 


This article has shown you how to automate 
your security audits and do away with the 
drudgery of manually verifying that your 
databases are correctly configured. The key 
is to treat your audits as configuration tests 
and verify each security checkpoint just as 
you would if you were looking for other 
kinds of bugs in your database. 

To monitor security vulnerabilities in this 
way, you need an up-to-date security testing 
document detailing your auditing schedule, 
the settings you'll check, and the reporting 
procedures you'll follow. If your organization 
currently has no security plan, then you should 
do what you can to get one created. Start with 
the Microsoft security checklist to see which 
security requirements make sense in your 
organization. Then convince your teammates 
to commit to a standard set of security auditing 
procedures. Most of all, be sure to document 
your results so everyone can see the difference 
audit automation can make. 

Audit automation is an invaluable addi- 
tion to any DBA professional’s toolkit. But 
before arbitrarily automating every security 
check you make, be sure the payoff is worth 
the setup involved. Your guiding rule here 
should be to focus on those mission-critical 
checks you find yourself regularly repeating. 
You'll rest easy at night knowing your 
time has been well spent protecting your 
organizations most vital data assets. EM 

InstantDoc ID 94185 
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PIVOT on Steroids 


Encapsulate PIVOT operator 
workarounds into a dynamic, 
flexible procedure 


SQ L Server 20055 new PIVOT operator simplifies the process of rotating data 

from rows to columns for flexible analysis. However, as I described last month, 
PIVOT has some limitations (see “Enhancing PIVOT for Crosstab Queries,” InstantDoc 
ID 93907). Not only are the grouping columns implicit, increasing the potential for writing 
code that produces undesired results, but the PIVOT IN list (which contains rotation 


e on Ihe WEB 
the Web table and down- 
load the listings at InstantDoc 


elements) isn’t dynamic. In addition, grouping, rotation, and 
aggregation columns must be base columns in the table you 
provide as input, and you can’t rotate more than one column 
pgg Or specify more than one aggregation. 

Last month, I showed you how to circumvent most of these limitations by providing 
a table expression (a derived table or common table expression—CTE) to the PIVOT 
operator as input and "preparing" columns that result from expressions. I also explained 
how to use dynamic SQL to make the PIVOT column dynamic. 

This month, I show you how to encapsulate all this workaround logic into a stored 
procedure to provide a flexible and more complete solution for dynamic pivoting needs. 
Because this solution uses dynamic SQL, which can expose your system to security risks, I 
also share tips for helping you safely use the procedure. The sp. pivot and usp. pivot stored 
procedures that I describe are from Inside Microsoft SQL Server 2005: T-SQL Programming 
(Microsoft Press, 2006), which I wrote with Dejan Sarka and Roger Wolter. 


Powerful Pivoting Logic 

The sp_pivot stored procedure delivers powerful, dynamic pivoting logic. Run the code 
in Listing 1, page 20, to create sp_pivot in the master database. As I noted, the stored 
procedure uses dynamic SQL, which opens the door to serious SQL injection risks. (If 
you arent familiar with SQL injection, I urge you to read the “SQL Injection” section 
in SQL Server 2005 Books Online—BOL.) After I explain sp_pivot’s pivoting logic, I'll 
cover measures you can take to mitigate these security risks. 

Before I dig into sp. pivot interface and implementation, I want to discuss the stored 
procedures name and the fact that I created the stored procedure in the master database. 
A stored procedure whose name you prefix with the characters sp_ and that you create in 
the master database has special behavior. You can invoke the procedure while connected 
to any database without having to database-qualify the procedure name: 


USE Northwind; 
EXEC dbo.sp pivot «arguments»; 


Thus, the execution context of dynamic SQL isn’t that of the master database but 


rather the context of your connection (Northwind, in this case). Furthermore, you can 
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be connected to any database and force 
the context of the procedure’s execution 
(in terms of dynamic SQL) to be what- 
ever database you qualify the procedure 
name with. For example, the following 
statement forces the execution context of 
dynamic SQL to that of the Northwind 
database, regardless of which database 
you're connected to: 


EXEC Northwind.dbo.sp_pivot 
«arguments»; 


Note that Microsoft doesnt recom- 
mend creating stored procedures in the 
master database using the sp_ prefix and 
doesn’t guarantee any support if you 
decide to do so. To adhere to Microsoft 
recommendations, you might prefer to 
create the stored procedure in all user 
databases in which you might need it 
and use a different prefix in its name. This 
approach, of course, would require you 
to maintain multiple copies of the stored 
procedure. Now, lets see how I imple- 
mented sp. pivot. 


5 Paramelers 

The sp. pivot stored procedure accepts 
five input parameters: @query, @on_rows, 
@on_cols, @agg_func, and @agg_col. 
The @query parameter represents the 
input table to the PIVOT operator. The 
parameter can be a table or view name or 
even a query that produces a table result. 
The stored procedure’s code determines 
whether @query contains a valid table 
or view name and, if so, constructs a 
SELECT query against the object: 


SET aquery = N'SELECT * FROM ' 
+ dquery; 


If @query doesn’t contain a valid table or 
view name, the stored procedure assumes 
it contains a query to begin with. 


Itzik Ben-Gan (itzik@solidqualitylearning.com), a 
mentor at Solid Quality Learning, teaches, lectures, and consults 
internationally. He manages the Israeli SQL Server Users Group, 

is a SQL Server MVP, and is the author of the Inside Microsoft SQL 
Server 2005: T-SQL series (Microsoft Press, 2006). 
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TABLE | Sum of Freight for Each 
Employee and Shipper 


EmployeelD 1 2 3 
2491.74 4258.90 4134.10 
1049.83 1270.42 1460.229 


726.41 1734.19 865.66 
1204.60 3155.18 2305.66 


2194.73 3259.99 3381.92 
3129.39 4926.73 3290.02 
2281.09 4350.20 2065.12 
1218.27 1991.84 708.60 
1889.27 3297.40 2301.21 
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TABLE 2: Orders Count for 
Each Employee and Shipper 


EmployeelD 1 2 &) 


3 36 45 46 
6 23 25 ag 
9 10 19 14 
7 20 24 28 
1 38 44 A] 
4 46 70 40 
2 35 30. 3 
5 14 15 Ws 
8 2] 48 29 


TABLE 3: Sum of Value for Each Month 
and Year 

OrderMonth 1996 
NULL 
NULL 
NULL 
NULL 


1997 1998 


66692.80 100854.72 
41207.202 104561.95 


39979.90 109825.45 
55699.39 134630.56 


NULL 56823.70 19898.66 
NULL 39088.00 NULL 
30192.10 55464.93 NULL 
26609.40 49981.69 NULL 
27636.00 59733.02 NULL 
10 41203.60 70328.50 NULL 
11 49704.00 45913.36 NULL 
12 50953.40 77476.26 NULL 
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The @on_rows parameter represents 
the grouping columns. The stored proce- 
dure requires you to specify the grouping 
columns explicitly, unlike the PIVOT 
operator. You can specify one or more 
columns separated by commas, or you can 
specify expressions such as 


8on rows = N'EmployeeID, 
MONTH(OrderDate) 
AS OrderMonth' 


The @on_cols parameter represents the 
rotation column. Here, you can specify a 
column name or expression; you don’t specify 
the actual rotation elements. The stored proce- 
dure uses dynamic SQL to determine the rota- 
tion elements. If you want to rotate order years, 
for example, you can specify the expression 


8on cols = N'YEAR(COrderDate)' 


If you want to rotate multiple columns, you 
can provide an expression that concatenates 
elements. So, if you want to rotate shippers and 
order years, you can specify the expression 


8on cols = N'CAST(ShipVia 
AS VARCHAR(1@)) + '' ''" + 
CASTCYEARCOrderDate) 
AS VARCHAR(10))! 


The @agg func parameter represents the 
aggregate function you want to use (e.g., 
SUM, MIN, MAX, COUNT): 


89agg func = N'SUM' 


You can even specify a user-defined aggre- 
gate (UDA) function name. 

Last, the @agg_col parameter represents 
the aggregation column that you'll provide 
to the aggregate function as input. You can 
specify a column name, an expression (e.g., 
N'Quantity * UnitPrice), or even N'*' if 
you want to count rows. Note that sp. pivot 
doesnt work around PIVOT' inability to 
calculate multiple aggregations; you're still 
limited to one aggregation. 

Youre now ready to use the sp pivot 
stored procedure to provide flexible, dynamic 
pivoting functionality. Let first look at a few 
examples of using the procedure and then 
walk through its implementation. In the 
following example, sp_pivot returns the sum 
of freight for each employee and shipper, 
generating the results that Table 1 shows: 
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EXEC Northwind.dbo.sp_pivot 


aquery = N'dbo.Orders', 
8on rows = N'EmployeeID', 
8on cols = N'ShipVia', 
8agg func = N'SUM', 

8agg col = N'Freight'; 


Table 2 shows the results of the next 
example, which returns the count of orders 
for each employee and shipper: 


EXEC Northwind.dbo.sp pivot 


aquery = N'dbo.Orders', 
8on rows = N'EmployeeID', 
8on cols = N'ShipVia', 
8agg func = N'COUNT', 

8agg col = N'*'; 


Table 3 shows the results of running the 
third sp. pivot example code, which returns 
the sum of value (Quantity * UnitPrice) for 
each month and year: 


EXEC Northwind.dbo.sp. pivot 
N'SELECT 
OrderDate, Quantity, UnitPrice 
FROM dbo.Orders AS O 
JOIN dbo.LOrder Details] 
AS OD ON O.OrderID = 
OD.OrderID', 
8on rows = 
N'MONTHCOrderDate) 
AS OrderMonth', 


gquery = 


8on cols = 

N'YEARCOrderDate)', 
8agg func = N'SUM', 
8agg col = 


N'Quantity * UnitPrice'; 
And Web Table 1 (which you can view at 


http://www.sqlmag.com, InstantDoc ID 
94268) shows the results of the last example, 


which returns the sum of freight for each 
employee and shipper_year: 


EXEC Northwind.dbo.sp_pivot 


aquery = N'dbo.Orders', 
8on rows = N'EmployeeID', 
gon cols = 
N'CAST(ShipVia AS 
VARCHAR(10)) + ''_'' + 
CASTCYEARCOrderDate) 
AS VARCHAR(10))', 
8agg func = N'SUM', 
8gagg col = N'Freight'; 
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Solution lo December's Puzzle: Arranging Soldiers in a Row 
After some soldiers misbehave, their commander decides to teach them a 
lesson while testing their powers of logic. He blindfolds them and places hats 
on their heads. Some hats have a circle on them, and others have a square. He 
then arranges the soldiers in a column in front of a door and gives them the 
following orders: 

1. Enter the room one by one. 

2. After you enter the room, remove your blindfold. Don't take off your hat 
or in any way check what sign is on your hat. 

3. Line up in a row facing the door. All soldiers who have a circle on their 
hats should be on the left, and all soldiers who have a square on their hats should 
be on the right. 

4. Don't communicate with each other verbally or by any other means; rely 
solely on your sight and logic. 

5. If any soldier lines up in the wrong spot, the whole group will face severe 
penalties. 

6. If all soldiers form a row with all circles to the left and all squares to the 
right, you will get to sleep tonight. 

7. Now move! 


Assuming you're one of the soldiers, here's the logic you would follow after 
you remove your blindfold and look at the 0, 1, or more soldiers standing in the 
row in front of you: 

* If you enter the room first, simply position yourself somewhere in the room 
and face the door so that the next soldier can see the sign on your hat. 

* If you're not the first one in the room, look at the soldiers in the row facing 
the door. If all soldiers in the row have a circle on their hats, go to the right 
end of the row and face the door. 

* If they all have a square on their hats, go to the left end of the row and face 
the door. 

* If some soldiers have a circle (standing to the left) and some have a square 

(standing to the right), stand between the rightmost soldier who has the circle 

and the leftmost soldier who has the square. 


January’s Puzzle: Crossing the Tunnel 
Four people—let's call them persons A, B, C, and D—need to cross a dark tunnel. 
Only two people at a time can cross the tunnel, and because the tunnel is very 
dark, a flashlight is mandatory. Person A can cross the tunnel in 1 minute, person 
B can cross in 2 minutes, person C can cross in 4 minutes, and person D can 
make it in 5 minutes. The group has one flashlight, containing batteries that last 
only 12 minutes. What strategy will enable all members of the group to cross to 
the other side in 12 minutes before the flashlight's batteries run down? 

InstantDoc ID 94315 


Now that you've seen how you can use 
sp. pivot to rotate data from rows to columns, 
lets look at how the stored procedure encap- 
sulates the logic of the PIVOT workaround 
techniques I covered last month. At callout 
A in Listing 1, page 20, the code determines 
whether the input is a valid table or view 
name, as I mentioned earlier. If it is, the code 
constructs a SELECT query against the table 
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or view; if it isn't, the stored procedure assumes 
you provided a query to begin with. The code 
then creates a derived table called Query out 
of the query string stored in @query. 

At callout B, the code circumvents the 
limitation that * isn’t allowed as input to the 
COUNT function by substituting * with the 
constant 1. And at callout C, the procedure 
uses dynamic SQL to query the list of rotation 
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elements and store the list in the @cols local 
variable. The code constructs a FOR XML 
PATH query string that queries the distinct 
rotation elements (expressed by @on_cols) 
from the derived table stored in @query, con- 
catenates them, and returns the concatenated 
string by using the @result output parameter. 
You can use other techniques besides FOR 
XML PATH to concatenate strings, such as 
using a cursor, but those approaches require 
more code and are much slower. 

At callout D, the procedure constructs 
the PIVOT query and invokes it using 
dynamic SQL. Note two important points 
here. First, the derived table PivotInput 
contains only the columns that need to be 
involved in the pivot operation: grouping 
columns (@on_rows), the rotation column 
(@on_cols), and the aggregation column 
(@agg_col).This technique lets you prevent 
implicit grouping by columns that you dont 
want to take part in the grouping activity. 
Second, the list of rotation elements stored 
in @cols that the procedure constructed 
dynamically is part of the concatenation (in 
the parentheses following the IN clause), 
letting you rotate a dynamic number of ele- 
ments that are unknown ahead of time. In 
the query string you're constructing, the IN 
list appears to be a list of known elements. 


Mitigating SQL Injection Risks 

As I’ve noted, sp pivots implementation 
doesnt guard against SQL injection attacks. 
Coverage of SQL injection is outside the 
scope of this article, but you can learn about 
SQL injection and how to prevent it by 
reading "SOL Injection: The Hackers Gold 
Mine" (May 2006, InstantDoc ID 49639) and 
“Preventing SQL Injection Attack" (August 
2004, InstantDoc ID 43012). The following 
example shows how easy it is to inject code 
by using the sp. pivot stored procedure: 


EXEC Northwind.dbo.sp. pivot 
aquery = N'dbo.Orders', 
8on rows = N'1 AS c) AS D; 

PRINT ''SQL Injection! 

This could have been much 

worse than a PRINT 

command!''; 

SELECT * FROM (select 

EmployeeID', 
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gon cols = N'ShipVia', 
9gagg func = N'COUNT', 
@agg_col = N'*'; 


This invocation of sp_pivot injects a PRINT 
statement, but you could inject much more 
destructive code, such as DROP commands 
and xp. cmdshell. 

You can mitigate the risks of SOL injec- 
tion, but bear in mind that hackers continue 
to find creative ways to inject code into your 
systems. If you use dynamic SQL, your oper- 
ating premise should be that hackers will be 
able to inject their own code through it. The 
only way to prevent injection is to not use 
dynamic SQL. With that in mind, here are a 
few ways you can mitigate the risks of SOL 
injection in sp. pivot: 

Limit the size of your input parameters. Sp. 
pivot defines all parameters as NVAR CHAR. 
(MAX), giving hackers a lot of leeway 
for injecting code. You can define all piv- 
oting elements (grouping column, rotation 
column, aggregation column) as sysname, 
for example, to limit the input string size 
and the opportunities for injecting code. 
Also, query the metadata to verify that speci- 
fied columns exist in the input table. 

Do not accept a query as input. Instead, 
accept only a table or view name as input, 
and check to be sure that the object exists. 
If you need to perform manipulation to 
prepare pivoting elements that have expres- 
sions, you can always create a view by using 
such manipulation and then provide the 
view as input. 

Limit the aggregate function name size. For 
example, define the size as NVAR CHAR (12), 
and check that the function appears in a list of 
your supported functions. 

Use the QUOTENAME function to 
quote object and column names with square 
brackets. For example, QUOTENAME 
(N'col1') becomes [col 1], while QUOTENAME 
(N'ol1] DROP TABLE T1 --') becomes [col 1]] 
DROP TABLE T1 -] The closing square 
bracket, which is often used as an attempt to 
inject code, is doubled by the QUOTENAME 
function, neutralizing injection attempts. 

Check the contents of the @cols variable, 
which contains the concatenated list of rotation 
elements. Remember that SQL injection 
can be achieved by injecting code into your 
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LISTING 2 Code That Returns the Sum 
of Freight for Employees and Shippers 


LISTING | Creation Script for Stored Procedure sp pivot 


USE master; 
GO 


IF OBJECT ID('dbo.sp pivot') IS NOT NULL 
DROP PROC dbo.sp pivot; 
GO 


CREATE PROC 
gquery 
gon rows 
8on cols 
8agg func 
8agg col 

AS 


dbo.sp pivot 

AS NVARCHAR(MAX), 

AS NVARCHAR(MAX), 

AS NVARCHAR(MAX), 

AS NVARCHARCMAX) = N'MAX', 
AS NVARCHAR(MAX) 


DECLARE 
asql AS NVARCHAR(MAX), 
acols AS NVARCHAR(MAX), 
@newline AS NVARCHAR(2); 


SET dnewline NCHAR(13) + NCHAR(10); 
- If input is a valid table or view, 
-- construct a SELECT statement against it. 
IF COALESCECOBJECT ID(G3query, N'U'), 


OBJECT ID(3query, N'V')) IS NOT NULL 


SET 8query 


N'SELECT * FROM ' + Qquery; 


-- Make the query a derived table. 
SET d@query = N'C ' + dquery + newline + N' 


B)-- Handle * input in 3agg col. 
*!' 


IF 8agg col = N' 
SET 83agg col 


N'1'; 


C)-- Construct column List. 


SET asql = 
N'SET @result = ' 
N' STUFF(' 
N' CSELECT N'*,' -T 


+ N'GUOTENAME(pivot col) AS Ctext()1'+ anewline 


EXEC dbo.usp, pivot 
g8schema name 
8object name 


N'dbo', 
N'Orders', 


gon rows = N'EmployeeID', 
gon cols = N'ShipVia', 
@agg_func = N'SUM', 
a@agg_col = N'Freight'; 
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data. Look for known 
strings used in SQL 
injection, such as --, 
sp_, xp_, DROP, and 
so on. 

Create the procedure 
in a specific database 
and by using the usp_ 
prefix. To conform to 
Microsofts recom- 
mendations and to pre- 
vent use of the stored 
procedure globally in 
the instance, create sp_ 
pivot only in the data- 
base where you want 
to allow usage and by 
using the usp_ prefix 
instead of sp_. 

To implement 
these security mea- 
sures, run the code in 
Web Listing 1 (which 
you can download at 
InstantDoc ID 94268) 


) AS Query'; 


+ gnewline 
+ gnewline 


N! FROM (SELECT DISTINCT(' to create the usp pivot 
Li 1 Lf 1 
+ gon cols + N') AS pivot, col + gnewline + : 
N! FROM' + aquery + N') AS DistinctCols' stored procedure in the 
+ gnewline + : 
N' ORDER BY pivot, col' + gnewline + Northwind database. 
Nt FOR XML PATH('T!')),! + anewline + The code in Listing 
N' 15. dz NEEDS 
2 invokes the pro- 
EXEC t l 
istne E gel. cedure to return the 
@params = N'ðresult AS NVARCHAR(MAX) OUTPUT' um 
gresult = acols OUTPUT; t 3 of freight for each 
employee and shipper; 
Oz Create the PIVOT query. 
SET asql = Table 1 shows the 
N'SELECT *' + gnewline + 
N'FROM' + gnewline + results. 
N' ( SELECT ' + 8newline + Asalways, tightening 
N' ' + 8on rows + N',' + gnewline + à 
N' ' + Qon cols + N' AS pivot col,' + @newline + security comes at the 
N' "+4 UL + N' AS E" +a li + 
Ni: "EROM ES UO Sddcen i aneuline « cost of decreased flex- 
N' ' + @query + gnewline + hil 
N' ) AS PivotInput' + gnewline + ibility. And although 
N' PIVOT! + ünewline + these measures help 
N' ( ' + gagg func + N'Cagg_col)' + gnewline + k 
N! FOR pivot, col' + gneuline + yOu mitigate the 
N' INC! + 3cols + N')' + anewline + s x 
N' ) AS PivotOutput;' risk of SQL Injec- 
tion attack, when you 
EXEC sp, executesql 3sql; ` d 
GO use dynamic SQL, it’s 


hard—if not impos- 

sible—to guarantee 

that you can block all SOL injection 
attempts. Use dynamic SQL with caution. 
Still, with these safety measures in place, 
usp. pivot provides a powerful tool for piv- 
oting data and giving users information as 
they need to see it. [SQL 
InstantDoc ID 94268 
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Database tools that SCALE " 


SOL Farm Combine" 


Deploy DB projects, scripts, and queries 
on all databases and servers by a click of a button 


Development 
Collaborate and compose database projects 
Support for a wide range of source control systems 
Advanced scripting, automated snippets/templates, intellisense 


Agile Code Deployment 
One-click project deployment on all databases and servers 


Run queries and scripts on many databases & servers 
in parallel (see screenshot) 


Easily pass & deploy projects between Dev €? QA €» Production 


Develop or auto-generate 
DB project code 


f SQL Farm Combine Map project scripts to a "Container", a 
pre-configured group of target databases 


Return jobs info and server detalis * be om al 
© 2 Demo Propst Package * ^ EXEC msdh..ep help job 
in 1. Deploy Web databases objects a 

25 1. Create Web tabies + 


24 2 Fopulale Wed indies « - Get 
va 3. Create Web procedures + 
Ja 4. Add Wab loges, users, and roles + 
ea 2 Finance Databases Scripts 
aa 1. Crate Finance tables : 
2; 2. Populate Finance data + 
» 3. Create Finance stored procedures + 
94 4. Add Finance logis, users, snd roles + 
ix 3 DBA Tasks 
Sə 1. Create DBA Objects 
94 1. Create OBA Maintenance jobs + 
947 Create DAAMaint objects + 
za 2. Got data trom servers 


4| 


server version, edition, etc., 


from ol) servers 


SELECT 


RFR 


(^ Serverlame') AS MachineNane Descrippon 
(ProductVersion') AS Version slatrveP mtt 
(C ProductLevel') AS (Level) 


SERVERPROPERTY ('Edition') AS Edition 


3 oer resus 
D 2. Creata DBAMaint objects 
E Aggragated Table * (9 rows) 


pod onginsting server name 
40328a-3442-47 devavet Cha ck Server Status 


© Aggregated Table 2 (9 rows) 3 
a Individual Results 2 DEVSVR1 DBAMaint = 04coS46d-d525-4 
c 2 Get data kom servers 3  O£V$Vh2 D&AMwm!  bdOBSSb1-7589-4 de X DEA TEENS arc ^d JJ NOU ————— 5 
3, 1. Retumn jobs into and server details 4  DEVEVR2 DBAMaint e2882070-47M-4 ai 1. Create DBA Objects ComaneSenw Comma Machmetiame Vernon 
a AIT ANDES: 5 PROOSVR1  OBAMamnt 50886565-1714-4 pe à 1 Create DOA Marmensncejobs |! — DEVSVRT DBAMam DEVSVRI — 0002047 
E d i Messages (108 items) |^  PROOSVRI  DBAMami SSbáibée-aGeid pe : Aggregwed Messages (17284 2  DEVSVRZ  — OBAMait DEVSYR2 8001% 
^ia individual Results: 7  PROOSVR2  DBAMant 254960bb-ÉdB4-4 pel +3 individual Results 3 X PROOSVR! OBAMaim PRODSVAi 900.2047 
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What's so hard about supporting 
heterogeneous environments? 


If you have to ask, you've never tried it! 


Take advantage of the lessons learned by multi-platform experts, 
and register today for Virtual TechX World—designed to give IT pros 
like you the tools you need to efficiently operate and manage your 
integrated IT environment. Bypass the trial-and-error work by joining 
industry experts, third-party providers, and the foremost vendors 

to get practical, real-world solutions for managing the demands on 
your IT infrastructure while meeting critical business objectives. 


VÍ How to Make Linux and Windows 
Work Better Together 


VÍ Setting Up Single Sign-On for Windows 
and Linux 


A Managing Your Heterogeneous Infrastructure 


A Getting the Most Out of Virtualization— 
An Introduction 


December 14, 2006 


Using the latest in virtual event technology, you can participate in 
seminars, visit vendor booths on a simulated exhibit floor and interact 
with your peers! 


www.windowsitpro.com/go/techxwinmag 
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Team Dats can help keep tabs on 
your database changes 


0 ver the past few months, this column has looked at how Visual Studio Team 
Edition for Database Professionals (Team Data) can help you put your database 
schema under source control, create a baseline project from which you can modify your 
database, and implement unit tests and generation plans to ensure your data’s reliability. 
Now that you have a baseline that you can test, let’s look at how Team Data can make 


changing and refactoring the schema easier. 
Refactoring is a term that’s familiar to developers 


eonte WEB — because its been a development-tool feature for some years 
See the Web figure at |, now. Wikipedia defines refactoring as ". . . the process of 
InstantDoc ID 94217 


rewriting a computer program or other material to improve 


its structure or readability, while explicitly preserving its meaning or behavior” and 
states that, “In software engineering, the term refactoring means modifying source code 
without changing its external behavior, and is sometimes informally referred to as 
‘cleaning it up’? (Io read more of Wikipedias definition, see http://en.wikipedia. 
org/wiki/refactoring.) 


Big Trouble in Little Changes 

In the software development industry, refactoring is an important concept because 
it’s a fundamental requirement for any agile development method—in which every 
last “i” isn’t dotted and "t" isn’t crossed at the outset of the project. The problem is 
that the more complex your code becomes, the more likely changes you make will 
have a cascading effect throughout the code (e.g., if you change the name of a vari- 
able, you need to ensure that everywhere that variable is used also refers to the new 
name). This can lead to a lot of manual work and uncertainty that all the changes 
have been made. 

Automated refactoring hasn't really made it to the database world. When I discuss 
refactoring with database people, I liken it to cascading changes, which seems to explain 
it quite nicely. The problem of refactoring a database is as complex as refactoring code, 
If not more so. Think about the effect of changing a column name: Could that column 
be used in a stored procedure or view? Could it be part of a foreign key relationship? 
Does it have a constraint on it? The effect that even a simple database schema change 
can have makes people avoid it at all costs. In fact, I was recently at the Gartner Applica- 
tion Development Summit in Phoenix, and I asked an attendee what he would say if 
someone on the team tried to change the name of an ID column. The persons reply 
was “NO!” Scott W. Ambler and Pramod J. Sadage’s book Refactoring Databases: Evolu- 
tionary Database Design (http://www.ambysoft.com/books/refactoringDatabases.html) 


does a good job of discussing all database refactoring aspects. 
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See the Future of Change 
Team Data is taking the process of data- 
base refactoring another step forward by 
offering rename refactoring for database 
schema. To make a name change and 
refactor the entire database to support that 
change with Team Data, simply right-click 
an object in the database project schema 
view and select Refactor-Rename... from 
the pop-up menu. From there, a new 
dialog box opens in which you can enter 
your desired change and preview changes 
before they're made. (I recommend always 
previewing the changes so that you have a 
good feel for the scope of their effects.) 
The preview window, which Web 
Figure 1 (http://wwwsqlmag.com, Instant- 
Doc ID 94217) shows, lets you see details 
about everywhere the change will happen 
and the exact change that will be made. 
Team Data Refactoring isnt limited to 
just the database schema; everything in the 
database project, including the unit tests and 
data generation plans, can use the column. 
If you're happy to make the changes high- 
lighted in the preview window, then the 
only thing left to do is click Apply, and all 
the changes will be made automatically. 
Although the refactoring functionality 
in Team Data covers all areas of the database, 
it doesnt cover refactoring of application 
code that accesses the database. To ensure 
that you're completely comfortable with all 
the changes made, combine the refactoring 
support with developing your applications 
in a test-driven development environment 
in which problems are caught and fixed by 
your test passes. Next month, I'll look at 
how testers and non-database developers 
can integrate into the All Up team and 
help to ensure the quality of the database 
applications that are being built. SOL 
InstantDoc ID 94217 
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T ? The product collects, analyzes and displays information about 
ired of thermometers: the inner workings of MS SQL 2005 database servers. 
Some examples of such information are: 
: . Minds Get the doctor for a) what queries are causing blocking and deadlocks; 
Companion our next b) what hardware and software resources are bottlenecking; 
for MS SOI y c) what is currently running on the server; 
Neigh dessa’ sos SQL Server d) what queries are causing contention on TempDB? 


= | Server 2005 e) what indexes are missing, not needed and used the most; 


health check f) what is using the physical memory; 
g) what queries are using the most CPU, Reads and Writes; 


m) what are the largest tables/indexes with the most rows; 
n) what statements are being recompiled and why; 
0) what size will the database be in 6 months...a year? 
p) what queries are using cursors; 
and much more... 


h) what non-clustered indexes need to be changed to clustered; 
i) what non-clustered indexes have an incorrect first column; 
j) what are the NUMA nodes and CPUs affinity on the server; 

4 k) what is the baseline and how does it change over time; 

( j I) who is modifying the database schema and how; 
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Single-Table Joins in 
Query Plans 


Learn how the query optimizer uses 
a join for a single-fable query with a 
WHERE clause 


ye might not realize that in a SQL Server 2005 query plan, the use of a nonclus- 
tered index on a table shows a join operation. Almost all the SQL Server Books 
Online (BOL) descriptions that discuss the JOIN keyword in a query refer to joining 
two tables. However, in the BOL sections on types of joins under “query tuning,” you'll 
see references to the join operator in a query plan and a description that refers to two 
inputs, not two tables. For our purposes, we can consider an input to a join to be a set 
of rows; it could be an entire table or a set of rows after specified filters are applied. 
We'll examine inputs to joins that are sets of index rows and learn about two types 


e on Ihe WEB 
See the listings at 
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Query Plan Using a Nonclustered Index 

In the first type of query, the plan uses a nonclustered index to find the desired rows—that 
is, rows meeting a condition specified in the WHERE clause. You probably know that the 
index rows in the leaf level of a nonclustered index contain the index key columns and a 
bookmark, or pointer, to where the actual corresponding data row is located. As I discuss 
in "Inside Optimization,’ October 2003, InstantDoc ID 39822, a bookmark can take one 
of two forms. If the underlying table has a clustered index, the bookmark is the clustered 
index key. If the table is a heap, the bookmark is a row ID, indicating the file number, page 
number, and slot number on the page where the row is located. 

In SQL Server 2000, the query plan for a single-table query that uses a nonclustered 
index to find the data rows shows the bookmark lookup operation. The execution plan 
looks the same whether or not the table has a clustered index. To see the plan, first run 
the code in Listing 1 on a SQL Server 2000 instance to create a copy of the Orders 
table in the Northwind database, called Orders2. 

The only difference between the two tables is that the original Orders table has 
a clustered index on OrderID and the LISTING | Creating a Copy of the 
new Orders2 table is a heap (i.e.,a table | Orders Table with No Clustered Index 
with no clustered index). I created the [ge Northwind 
two queries in Listing 2, then used SOL E A NTO OAS 
Server Management Studio (SSMS) to FROM Orders 
run these queries against a SQL Server CREATE INDEX Customer1D2 
2000 instance. The execution plans for 
the two queries look the same. The plan 


of query plans that indicate that SQL Server is performing 
a join, although only one table is in the query and no JOIN 
operator is specified in the T-SQL code. 


ON Orders2(CustomerID) 
GO 
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LISTING 2 Queries That Have the 
Same Execution Plan 


SELECT * FROM Orders 
WHERE CustomerID - 'VINET' 


SELECT * FROM Orders2 
WHERE CustomerID = 'VINET' 


LISTING 3 Sales.SalesOrderHeader 
Table Query 


SELECT * FROM 
Sales.SalesOrderHeader 
WHERE SalesPersonID = 283 


shows that SQL Server uses the non- 
clustered index to find the index rows 
meeting the desired condition (in this case, 
CustomerID = 'VINET?^, then uses the 
bookmarks in the leaf-level index row to 
find the corresponding rows in the table. 

In SQL Server 2005, the plan looks 
different. If you think about it, the book- 
mark lookup operation actually takes a set 
of rows from the index (all rows meeting 
the specified condition) and finds all rows 
in the underlying table that match those 
rows (i.e., that have rows with the same 
bookmark). These actions are the same 
as a join operation, so SQL Server 20055 
query plans show this operation as a join. 
SQL Server 2005 isn't really doing any- 
thing differently; its just that the query 
plan describes SQL Servers execution 
steps slightly more precisely. 

To see a query plan containing an 
index seek of a nonclustered index in 
SOL Server 2005, use the Sales.Sales- 
OrderHeader table in the Adventure- 
Works database, run the query in Listing 3, 
and examine its query plan, which Figure 
1, page 26, shows. The index seek at the 
top right is the seek from the index on 
the SalesPersonID column, which returns 
a set of index rows, each containing a 
clustered index key as a bookmark. The 
plan shows a nested-loop join that takes 
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each bookmark (clustered index key) from 
the rowset provided from the index on 
SalesPersonID and finds the matching rows 
in the table, by seeking on the clustered 
index. 

If Sales.SalesOrderHeader didnt have a 
clustered index, the plan would look similar 


f rRos 


Sales.Salesordertlender WHERE SalesPersoniD 


- 203 


[el 
Nested Loops 
filter them poer pann 
according to 
the second 
condition. 


However, if 


d ^ 
Codi Bie Index Seek 
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neither con- 
dition were 


> > FIGURE | Nonclustered index seek on table with clustered index 


but not exactly the same. The 


plan still shows a nested-loop 


Query 1: 


Query cost 


(eelative to the betch|: 45^ 


join operation, but instead of 


the seek in the clustered index, , 8 a QS 1 a 
the plan shows a row ID (RID) poris Tenes Join ETIN 
lookup operation into the base a 
table because the bookmark Sue 51 


returned from the nonclustered 
index is the row ID. 
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Index Intersection 
The second type of query plan 
that can show a join operator 
even when the query contains 
one table occurs when the query opti- 
mizer decides to use two or more indexes 
on a table. (I describe this behavior— 
called index intersection—in “Inside Opti- 
mizer Enhancements" November 2003, 
InstantDoc ID_39906.) If a query has mul- 
tiple search conditions, and more than one 
has a potentially useful nonclustered index, 
the optimizer considers index intersection. 
Consider the query in Listing 4. SalesPer- 
sonID and CustomerID each have a non- 
clustered index. If either search condition in 
the query were selective and returned only a 
few rows, the optimizer could simply decide 
to use one index. The optimizer would use 
a query plan like that in Figure 1 to find 
the rows in the underlying table based on 
one of the conditions. Then, once the opti- 
mizer had the rows from the table, it would 


LISTING 4 Sales.SalesOrderHeader 
Query with Multiple Search Conditions 


SELECT * FROM Sales.SalesOrderHeader 
WHERE SalesPersonID = 278 
AND CustomerID < 33 


LISTING 5 Queries That Don't Use a 
Clustered Index 


SELECT * FROM Sales.SalesOrderHeader 
WHERE SalesPersonID = 278 


> 


SELECT * FROM Sales.SalesOrderHeader 
WHERE CustomerID < 33 
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FIGURE 2 Query plan showing index intersection 


selective, the optimizer might decide to use 
both indexes. The qualifying index rows 
from each index contain the nonclustered 
keys and bookmarks, and SQL Server could 
join the two rowsets together, matching 
index rows with the same bookmark. 

In the query in Listing 4, neither condi- 
tion is selective enough to use a nonclus- 
tered index. If you look at the plans for each 
query in Listing 5, you'll see that each uses a 
clustered index scan, which is really the same 
as a table scan. 

However, if you combine the two que- 
ries, you'll get a plan like the one in Figure 
2. SQL Server performs index seeks by 
using each nonclustered index, then sorts 
the rowset of index rows from the index 
on CustomerID by SalesOrderID, which is 
the clustered key. The index rows from the 
SalesPersonID index are already sorted by 
SalesOrderID, because the index’s leading 
column has only one value (278). After 
sorting the rows from the CustomerID 
index by SalesOrderID, SQL Server can 
perform a merge join. The result of the 
merge join is still just a set of index keys 
and bookmarks, so another join operation 
combines that rowset with the rows in the 
clustered index by using a nested-loop join. 
If the underlying table were a heap, the plan 
would look similar, but the base table would 
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use a RID lookup instead of a clustered 
index seek. 

Theoretically, the optimizer could choose 
to use index intersection on more than two 
nonclustered indexes on the same table. 
However, in addition to the cost of seeking 
through the index to find the relevant index 
rows, the optimizer must consider the added 
cost of managing the rowsets from each index 
and possibly performing sort operations and 
joining the rowsets together. Performing these 
actions is usually much more expensive than 
using a single index, joining to the base table 
to get the data rows, then filtering the rows to 
apply the additional search conditions. 


An Obscure Join 
Before SQL Server 7.0, SQL Server used at 
most one index per table in a query. Index 
intersection, introduced in SQL Server 7.0, 
lets SQL Server join sets of rows retrieved 
from multiple nonclustered indexes. SQL 
Server 20055 query plans show us that using 
the index information from a nonclustered 
index to find rows in the underlying table is 
really a type of joining—between an index 
and a table. There are other ways of using 
multiple indexes on the same table in a 
single query, and I'll explain these options 
in an upcoming column. SQL 
InstantDoc ID 94116 
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A method for reconciling disparate 
dala sources 


| “Implementing Supertypes and Subtypes” (November 2006, InstantDoc ID 
nN 93241), I discussed using supertypes and subtypes for data modeling and how 
to implement the design objects. Now you're probably waiting for me to give you a 
real reason for adopting the supertype-subtype design concept. I will. 


Whether you realize it or not, your company is failing to capitalize on business 
opportunities and is losing revenue because it doesn’t have a single source of accurate 
data, or data truth. And you're well aware of the time you and your colleagues spend 
trying to reconcile the discrepancies in reports that you're producing. Master Data 
Management (MDM) is a method you can use to target incomplete, inaccurate, and 
fragmented data that’s stored in various data stores in your enterprise. 


What Is Master 
Data? 

MDM is a hot topic 
in today’s market. I first 
googled “Master Data” 
and found 3.2 million 
entries, then "Master 
Data Management” 
and found 975,000 i 
entries. There are seem- 
ingly hundreds of soft- 
ware companies selling 
MDM software. Some 
companies advertise that 
by using their products 
you'll be able to connect 
to your legacy systems 
and fully integrate your — [2 
core data across the entire 
enterprise with a mere 
click of your mouse. 

I have news for you: Reconciling disparate data sources isn’t easy. When data 
warehousing was first introduced, DBAs experienced a revelation: To create a true 
enterprise data warehouse (EDW), DBAs had to develop common definitions of core 
data that was used by many of their companies’ applications. By trying to develop these 
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definitions, DBAs found more definitions 
for customer than they ever expected and 
struggled with common data definitions 
and sources. 

Many EDW projects fell by the way- 
side because DBAs couldnt come to a 
consensus on a unified view of corporate 
data. Now, many corporations are revis- 
iting these concepts to try and reconcile 
their disparate data sources and are using 
new buzzwords: master data and MDM. 
DBAs now realize that every piece of 
data in their company doesn’t need to be 
categorized, cleansed, and made uniform 
across the enterprise. Instead, there can 
be, and probably should be, departmen- 
tally based variations in data to support 
the different functions performed within 
each department. What we do know is 
that there is core data—people, places, and 
things—that needs to be tracked across 
the enterprise. This is master data. 

You can think of master data as meta- 
data and real data combined. Master data 
consists of consensus-driven data and data 
definitions applied consistently across an enter- 
prise. It’s consensus-driven because master 
data requires more than the IT or data 
warehouse groups to devise the metadata 
layer and to determine which set of cus- 
tomer data or inventory data is the real 
or base data. To gain consensus across the 
enterprise, you have to involve all the data 
stakeholders—business decision makers 
and IT staff—whose job depends on the 
validity of the data. 


Managing Master Data 

Managing master data has given rise to 
the MDM movement. Because MDM is 
consensus-driven and enterprisewide, it 
shouldn’t surprise you that the governing 
body in an organization that determines 
what constitutes master data and how to 
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manage it needs to be staffed with cross- 
functional individuals from the technology 
and business sides of the enterprise. “Cross- 
functional” means that these individuals 
have experience in many facets of business 
and technology. No one person is expected 
to know it all, but the more experience each 


basis and store the nonmaster data (for 
example, transaction details) locally. Another 
implementation scheme is to synchronize 
the master data content between the Master 
Data Repository and the applications. In 
either scheme, applications write master 
data to the Historical-Analytical System as 
the data is modified, whereas 
applications write transac- 
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> > FIGURE 2 MDM solution with a Master 


Data Repository 


member has, the better suited that person is 
to sit on the data governance board. 

Figure 1, page 27, shows a typical enter- 
prise data scenario at a very high level. The 
enterprise has legacy applications, existing 
applications, and new applications, and each 
application feeds from and writes to its own 
set of data. This is the genesis of informational 
silos. All the data stores feed into the His- 
torical-Analytical System, which becomes 
a dumping ground for data. The analysts 
use the Historical-Analytical System to do 
two things: determine which data is most 
valuable, and use the data in this system 
to reconcile the discrepancies between the 
informational silos. 

Figure 2 is a logical representation of 
what this environment would look like if it 
were under MDM control. In the center is 
the Master Data Repository. There are many 
ways to implement MDM control. One 
scheme is to maintain the data in the Master 
Data Repository and serve up the data to 
requesting applications on an as-needed 
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tional data from the local 
data stores to the Historical- 
Analytical System according 
to specific Historical-Ana- 
lytical System requirements 
(not shown on Figure 2 to 
retain clarity). Master data 
is fairly static; it behaves like 
the slowly changing dimen- 
sions defined in Ralph Kim- 
ball et al., The Data Warehouse 
Lifecycle ‘Toolkit (Wiley, 1998). 
Transactional systems pin- 
point business activity—sales 
activities, production-line 
operations, real-time activi- 
ties—and usually generate 
volumes of data. 


System 
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Using Supertype- 
Subtype Entities to Map Your 
Master Data Scheme 
In Figure 3, I've laid 
the supertype-subtype 
entities on top of the 
structure in Figure 2 and 
removed most of the 
activity arrows (I did that ) 
only for clarity). Con- 


n 
==] SUBTYPE D 


ages its own data internally, creating the 
ubiquitous informational silos. Let's say for 
the sake of argument that there are separate 
applications for checking accounts, invest- 
ment accounting, home mortgage loans, 
and commercial loans. At the end of the day, 
each department sends the data it collected 
to the Historical-Analyücal System and 
analysts attempt to use this data to compile a 
complete financial picture of each customer. 
This data consolidation process isn't always 
accurate because each application assigns a 
different identifier for the same customer. 
Additionally, the applications might not 
fully synchronize with one another, so the 
Historical-Analytical System might contain 
redundant data. Bank managers know they 
need to understand a customer’s financial 
activity, but with this fragmented picture of 
the customer they’re really limited in what 
they can hope to achieve. 


Implementing an MDM Solution 

The bank decides to implement an MDM 
solution with a Master Data Repository and 
a supertype-subtype master data schema. 
The supertype entity, nested in the Master 
Data Repository, is Person. The bank 
purposely didn’t make the supertype Cus- 
tomer because customer doesn’t reach high 
enough—a bank employee or a vendor 


SUBTYPE C p> 


ceptually, the supertype 


entity belongs with the 
Master Data Repository, 
whereas each of the sub- 
type entities is part of one 


SUPERTYPE Historical- 


-o Analytical 


System 
J 


application. To illustrate, 


SUBTYPE A 


lets look at a banking 


operation and imagine D 
how it would operate — 
in the scenario Figure 3 
illustrates. 

In a conventional 


SUBTYPEB 


organization similar to » 
the one Figure 1 depicts, 
each department man- 
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FIGURE 3 Supertype-subtype master data 
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can also be a customer. The bank is trying 
to eliminate the informational silos and has 
embraced the concept of master data at the 
highest level. Therefore, all people associated 
with the bank—employees, customers, and 
vendors—will be listed in the Supertype 
table. Each of the subtype entities will con- 
tain additional information that’s relevant to 
the associated application. For example, the 
subtype for home mortgage loans will con- 
tain connections to a person’s home address, 
and the subtype for commercial loans will 
contain connections to the customer’s 
business address. In each case, a person has 
a single identifier by which she or he is 
known in the Master Data Repository and 
in each of the applications. At the end of 
the day, when the applications transfer their 
transactions to the Historical-Analytical 
System, the analysts will have an accurate 
and complete view of each customer. 


Incomplete, inaccu- 
rale, and fragmented 
data costs companies 
every day. 


Getting an unfragmented view of cus- 
tomers is especially important in the cus- 
tomer relationship management (CRM) 
arena, in which companies are vying for 
customer loyalty. Automatic rewards pro- 
grams are designed to reinforce customer 
loyalty. Because qualification programs for 
rewards are based on the amount of business 
the customer does with the company, com- 
panies need to be able to consistently track 
customer activity across all departments of 
the company. Without being able to keep 
track of a customers activities, a company is 


powerless to differentiate services according 
to customer loyalty. 


Don’t Miss Any More Business 
Opportunities 
Incomplete, inaccurate, and fragmented data 
costs companies every day in lost opportu- 
nities, diminished revenues, and time spent 
trying to reconcile discrepancies found in 
the corporate data stores. Even Microsoft 
has jumped on board the MDM train. 
According to a report in DM Review (dated 
July 2006), Microsoft has selected a third- 
party software package, Initiate Systems’ 
Initiate Enterprise Integrator, to help it 
create an internal global data infrastructure. 
Microsoft has cited that it needs to integrate 
its internal data with external data into a 
single, trusted source. Doesnt that sound 
familiar? SOL 
InstantDoc ID 94193 
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Use a table-valued function to 
generale a virtual table of integers 


Li an auxiliary table of numbers (call it Nums) can be helpful in many T-SQL 
querying problems. The table is very simple—it’s just one integer column (call it 
n) containing a sequence of integers from 1 and on (as many as you need). You can use 
an auxiliary table of numbers to perform tasks such as splitting strings containing arrays 
of elements, generating histograms, unpivoting data, generating copies, and generating 
test data. Since this type of table can be so useful, you’d probably want to create one 
in your database and use it in your queries. However, suppose that you aren’t allowed 
to create new tables in your database. Or even if you are allowed, you're looking for a 
faster way to obtain a table of numbers than querying a real table. So heres the chal- 
lenge, which is the focus of this article: Write a table-valued function (call it fn. nums) 
that accepts as an input parameter the number of rows you want to produce (call it @ 
max) and returns a table of integers in the range 1 through @max. 
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Table-of-Numbers Tricks 


The function should return the result 
as quickly as possible. Heres an example of 
how youd query the function to return 10 
numbers: 


SELECT n FROM dbo.fn nums(10) 
AS Nums; 


(Some of the code in the article and listings 
wraps to multiple lines because of space 
constraints.) This query should produce 
the output that Table 1 shows. To test 
performance, run the code with the input 
10000000. Make sure that when you test 
performance, you select the SQL Server 
Management Studio (SSMS) Discard results 
after execution check box—to do so, click 
Tools, Options, Query Results, SQL Server, 
Results to Grid (or Text). Doing so lets you 
test server-processing time, excluding the 
time it takes to generate the output. Try to 
come up with an implementation that runs 
at around 10 seconds or less for 10 million 
rows. See if you can work out your own 
solution before looking at the three solu- 
tions I provide. Good luck! 


Solution |: Simple Recursive 
Query 
My first solution is based on a simple recur- 
sive query. Listing 1 shows the solution code, 
including the function’s definition. The code 
defines a recursive common table expression 
(CTE) called Nums. The anchor member 
returns a single row with the value 1 in 
column n. The recursive member returns a 
row with the value n + 1 from the previous 
row if n is smaller than the input parameter 
@max; otherwise, it returns an empty set 
(recursion termination check). 
In short, the recursive member 
stops as soon as it generates the 
requested number of rows. The 
outer query returns the unified 
set combining the result set 
returned by the anchor member 
and all the result sets returned 
by the recursive member. The 
recursive member is invoked (à) 
max times (the last returning an 
empty set). 

To test the function, run the 
following query: 


«[oo|-|co|eo|m!o|mnmil—-!t 
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So 
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TABLE | Output 
of Query Against the 
fn_nums Function 


SELECT n FROM dbo. fn_nums(10) 
AS Nums; 


You'll get the output that Table 1 shows. 
Before you try it with 10 million rows, 
though, Id like to point out a logical 
problem with this implementation. To pre- 
vent infinite invocations of a recursive 
member in a recursive CTE, SQL Server 
limits the number of invocations of the 
recursive member to 100 by default. The 
101st invocation would cause the query to 
fail at runtime and generate an error. So if 
you try running this code: 


SELECT n FROM dbo.fn nums(1000) 
AS Nums; 


You'll get the error message Msg 530, Level 
16, State 1, Line 1, The statement terminated. 
The maximum recursion 100 has been exhausted 
before statement completion. SQL Server lets 
you change the default limit of 100 by 
specifying a MAXRECURSION hint. Set- 
ting MAXRECURSION to 0 means no 
limit. However, if you try incorporating the 
MAXRECURSION hint in the query 
within the functions definition, as Listing 2 
shows, you'll get the following error: Msg 156, 
Level 15, State 1, Procedure fn_nums, Line 10, 
Incorrect syntax near the keyword 'OPTION'. 
SQL Server doesn’t let you incorporate 
query hints within a function’s definition. 
You're left with no choice but to specify the 
hint in the outer query against the function, 
like this: 
SELECT n FROM dbo. fn_nums(1000) 
AS Nums 
OPTION (MAXRECURSION Ø); 


Of course, doing so is undesir- 
able because you have to know 
how the function is imple- 
mented (i.e., that it uses a recur- 
sive query) to realize that you 
need to specify the hint in the 
outer query, so you lose some 
of the important features that 
encapsulation is supposed to 
give you. But that’s the reality. 
To test the performance of 
this implementation, first make 
sure that you select the Discard 
results afier execution check box 
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LISTING | Definition of fn nums 
Function, Version 1 


SET NOCOUNT ON; 
USE tempdb; 
GO 
IF OBJECT ID('dbo.fn nums', 
NOT NULL 
DROP FUNCTION dbo.fn nums; 
GO 


DIS WS 


CREATE FUNCTION dbo.fn nums(amax AS 
INT) 
RETURNS TABLE AS RETURN 
WITH Nums AS 
¢ 


SELSCy US fH 
UNION ALL 


SELECT n + 1 FROM Nums WHERE n < amax 


) 
SELECT n FROM Nums; 
GO 


LISTING 2 Attempt to Add 
MAXRECURSION Support to fn nums 
Function 


ALTER FUNCTION dbo.fn nums(amax AS INT) 
RETURNS TABLE AS RETURN 


WITH Nums AS 
( 
SELECT 1 AS n 
UNION ALL 
SELECT n + 1 FROM Nums WHERE n < @max 
2) 
SELECT n FROM Nums 
OPTION (MAXRECURSION (D; 
GO 


LISTING 3 Definition of fn nums 
Function, Version 2 


ALTER FUNCTION dbo.fn nums(amax AS INT) 
RETURNS TABLE AS RETURN 


WITH SQR AS 
( 


SELECT Ø AS const, 1 AS n 
UNION ALL 
SELECT 0, n + 1 FROM Nums 
WHERE n < CEILING(SQRT(amax) ) 
27 
Product AS 
K 


SELECT TOPCamax) ROW_NUMBER() 
OVERCORDER BY SQR1.const) AS n 
FROM SQR AS SQR1, SQR AS SQR2 


) 
SELECT n FROM Product; 
GO 


in SSMS. Then in a new query window, run 
the following code: 


SELECT n FROM 
dbo. fn_nums(10000000) AS Nums 
OPTION (MAXRECURSION 0); 


In my test system, this query ran for 253 
seconds. Thats very slow, not to mention 
that you also have to specify the hint in the 
outer query. The reason for the bad perfor- 
mance is mainly the overhead involved with 
each individual invocation of the recursive 
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Teble-of-Numbers Tricks 


member (e.g., spooling and indexing of the 
intermediate sets). In short, this solution is 
far from satisfactory, so lets explore further 
alternatives. 


Solution 2: Sophisticated 
Recursive Query 

My next solution is more sophisticated 
than the previous one and is also based on a 
recursive query. Listing 3 shows the solution 
code, including the function’s definition. 
The code defines a recursive CTE called 
SQR that generates as many rows as the 
ceiling of the square root of @max. Then 
a second CTE called Product produces 
a Cartesian product (cross join) of two 
instances of SQR. This product will have 
at least @max rows—or a bit more, since 
I used the expression CEILING(SSQRT(@ 
max)). Without calculating the ceiling, you 
might get fewer rows in the product. So it’s 
better to return more rows than you might 
need, then use the TOP option in the outer 
query to obtain exactly the number of rows 
you need. 

The outer query uses the ROW_ 
NUMBER function to actually generate 
the sequence of numbers. Notice that the 
ROW_NUMBER function uses a column 
called const in the ORDER BY clause. This 


column is nothing more than a constant 


The nonrecursive- 
query solution 
doesnt rely on 
recursive CTEs, 
so you don't 
need to specify 
any hints in the 


query. 


that I produced in the SQR CTE. The 
optimizer is smart enough to figure out 
that its a constant, thus avoiding an explicit 
sort operation altogether. This solution is 
very efficient. 
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Run the following code to test the func- 
tion (again, with results discarded): 


SELECT n FROM 
dbo. fn_nums(10000000) AS Nums 
OPTION (MAXRECURSION 0); 


The query ran for eight seconds in my test 
system. Thats very fast—however, you need 
to specify the MAXRECURSION hint 
here as well. 


Solution 3: Nonrecursive Query 
My last solution doesn’t rely on recursive 
CTEs; therefore, its benefit is that you don’t 
need to specify any hints in the query 
against the function. Listing 4 shows the 
solution code. 

The code defines a CTE called CO, 
which returns two rows with a single 
column called const that holds a constant 
value. Here, the CTE’s purpose is simply to 
generate two rows; it doesnt really matter 
what those rows contain. Then a series of 
CTEs (C1, C2, C3, C4, C5, C6) double 
the rows of the CTE defined before them 
by performing a cross join between two 
instances of the previous CTE. The number 
of rows you can potentially get via a CTE 
Cn is 2^(2^n). For example, having six 
CTEs besides CO can potentially yield 18, 
446,744,073,709,552,000 rows. Having five 
CTEs besides CO can potentially yield about 
four billion rows. In other words, six CTEs 
would be sufficient in practical terms for any 
number of rows that you might need. 

The outer query then uses the TOP 
option to return the number of requested 
rows (@max), and a ROW_NUMBER 
function actually generates the sequence of 
integers (again, by using a column holding 
a constant in the ORDER BY clause). The 
nice thing about the optimization of this 
code is that the optimizer is smart enough to 
figure that it needs to generate only @max 
rows. It doesn’t bother to generate any more 
rows, although logically it might seem as if 
the code is doing so. Therefore, this solution 
is very fast. 

To test the function, run the following 
code (again, with results discarded): 


SELECT n FROM 
dbo. fn_nums(10000000) AS Nums; 
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LISTING 4 Definition of fn_nums 
Function, Version 3 


ALTER FUNCTION dbo.fn nums(amax AS INT) 
RETURNS TABLE AS RETURN 


WITH 

CO ASCSELECT Ü AS const UNION ALL 
SELECT 0), 

C1 ASCSELECT Ø AS const FROM CØ AS A, 
cø AS B), 

C2 AS(SELECT Ø AS const FROM C1 AS A, 
Cl AS ED, 

C3 AS(SELECT Ø AS const FROM C2 AS A, 
C2 AS B), 

C4 ASCSELECT Ü AS const FROM C3 AS A, 
C3 AS B), 

C5 AS(SELECT Ø AS const FROM C4 AS A, 
C4 AS B), 

C6 ASCSELECT Ø AS const FROM C5 AS A, 
C5 AS B) 


SELECT TOP(8max) ROW NUMBER(O 
OVERCORDER BY const) AS n 

FROM C6; 

GO 


This code runs for nine seconds for 10 mil- 
lion rows. Its slightly slower than the pre- 
vious solution, but its important advantage 
is that you don't need to specify any hints in 
the query against the function. 


Fast and Encapsulated 
Ive examined three different solutions 
for generating a virtual auxiliary table of 
numbers via a table-valued function. The 
first solution uses a simple recursive query 
that iterates once per row. This solution 
is the slowest and requires you to specify 
a hint in the query against the function. 
The second solution produces a Cartesian 
product between two instances of a recur- 
sive CTE containing as many rows as the 
square root of @max. This solution is very 
efficient, but it also requires you to specify a 
hint in the query against the function. The 
third solution uses a series of CTEs, each 
doubling the number of rows from the 
previous CTE. This solution doesn’t rely on 
recursive CTEs—rather, nonrecursive ones. 
It’s both very fast and has the advantage 
that you don’t need to specify a hint in the 
query against the function, so we can safely 
announce it as the winner! SOL 
InstantDoc ID 94376. 


Itzik Ben-Gan (itzik@solidqualitylearning.com), a 
mentor at Solid Quality Learning, teaches, lectures, and consults 
internationally. He manages the Israeli SQL Server Users Group, 
is a SQL Server MVP, and is the author of the /nside Microsoft SQL 
Server 2005: T-SQL series (Microsoft Press, 2006). 


January 2007 33 


E 


| icd uai Services are here 


Data Visualization 


Create Dashboards and Scorecards , Amm Y 
with SQL Reporting Services = 


Use Dundas’ industry leading Data Visualization Technology to 
instantly add Dashboard and Scorecard functionality to your reports 
in SQL Server Reporting Services 2005. 


Dundas Chart, Dundas Gauge, Dundas Map and Dundas Calendar for 
Reporting Services offer unique, seamlessly integrated Data 
Visualization functionality that can greatly improve the user 
experience in SQL Server Reporting Services 2005. 


Download full evaluation copies today, and add advanced Business ————À DOR SS 
Intelligence to your corporate reports. 


auge» —- - . -— 
f for . 4 w E : 
or hart f Reporting =m — "SAU NER 
Map: Caléhdar- |. 
Í a s$ 
= 4 aN Z 
for Maps; for Reporting Services M t T 
Services 


| 
i 
[ 
| 
| 
-E 


www.dundas.com 


Microsoft and SQL Server Reporting Services are registered trademarks of Microsoft Corporation in the 
United States and/or other countries. 


www.dundas.com 3 . 
infos dundascom: Advanced Data Visualization 
(800) 463-1492 for Microsoft? Technologies 


Intermediate 
2005/2000 


Feature 


Migrating is 
a daunting 
prospect, but 
there's a light 
al Ihe end of 
the tunnel 


H ow many SQL Server 2000 DTS 
packages are you responsible for? 
Perhaps 10? Maybe 50? When I asked 
this question at a conference last year, a 
few attendees shocked me by telling me 
that their environments boasted more 


55" Migration 


by Erik Veerman 


than 2000 DTS packages! Was it irre- 
sponsible of me to wish them good luck 
in their migrations? Perhaps. But if you 
have several hundred DTS packages, you 
should know that you're not alone. DTS 
is well known for its simplicity and use- 
fulness, and in fact, many organizations 
adopted DTS for its ability to quickly 
and simply generate data processing. 

Whether you have 10 DTS packages 
or several hundred, you're probably pre- 
paring for an inevitable migration to SOL 
Server 2005 Integration Services (SSIS). 
However, in your testing and research, the 
pain points have become apparent: The 
products architecture differs from that 
of SQL Server 2000 D'TS—making the 
migration more complex than a straight 
upgrade—and even after you migrate a 
couple packages, you might see only a little 
performance gain. And if you're looking at 
dozens or hundreds of packages, you can 
expect several sleepless nights. 
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Your First Step 


A good starting framework for a DTS-to-SSIS 
migration strategy includes first getting your 
DTS packages to SQL Server 2005. Don’t let 
your DTS migration hold up your relational 
engine upgrade to SQL Server 2005. 

1. Move your DTS packages to your SQL 
2005 environment (through the setup. 
exe SQL upgrade or manually through 
Management Studio), and continue to run 
them as DTS packages. 

2. Use SSIS to build any new packages 
you need. 

3. Use the DTS Migration Wizard as a 
starting point for strategic packages that 
can take advantage of SSIS features or 
for packages that have trouble during the 
migration. 

4. Plan for a rolling strategy to rework 
all packages, leveraging the complete SSIS 
feature set in the redesign. 
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DTS-to-SSIS Migration 


There’s a light at the end of the tunnel—a 
bright one. And getting there might not be 
as difficult as you think. In fact, now that 
SQL Server 2005 is more than a year old, 
more resources and knowledge are available 
to help you through the process. (For a 
helpful primer, see “Step Up to SQL Server 
2005,’ InstantDoc ID 47740, as well as this 
article’s sidebar, “Your First Step,” page 35.) 
But don’t settle for merely getting your 
packages migrated to SSIS. Rather, prime 
yourself for taking full advantage of SSIS’s 
improved features and functionality. 


Migration Resources 

When you're ready to take on your DTS- 
to-SSIS migration, you'll need to have at 
your disposal the tools and resources you 
need to make informed decisions and 
perform a clean migration. One such tool 
is the Upgrade Advisor, which can analyze 
your existing DTS packages and report 
about concerns that you must address before 
and after your migration. The most recent 
version of Upgrade Advisor 1s download- 
able with the "Feature Pack for Microsoft 
SOL Server 2005 - April 2006” (http:// 


www.microsoft.com/downloads/details 


.aspx?FamilyID=df0ba5aa- 
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b4bd-4705-aa0a-b477ba72a9cb 
&DisplayLang=en).Even more 
valuable is the “SQL Server 2005 
Upgrade Technical Reference 
Guide" (http://www.microsoft 


.com/downloads/details.aspx 
?FamilyID 73d5e96d9-0074- 
46c4-bd4f-c3eb2abf4b66& 


Tj) Add Existing Package 


DisplayLang-en), which covers 
the entire SQL Server platform 


upgrade in 350 pages, with 38 


> > FIGURE | Invoking the DTS Migration Wizard 
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> » FIGURE 2 ssMS's Management 
Legacy folder 


pages dedicated to D'TS package 
migration to SSIS—invaluable to 
understanding the nuances of the 
upgrade. Both of these resources cover 
the basics of using SOL Server' built-in 
DTS Migration Wizard to convert DTS 
packages to SSIS. To invoke the DTS 
Migration Wizard, you right-click the 
SSIS Packages folder in Business Intel- 
ligence Development Studio, as Figure 1 
shows. (To prepare your packages for the 
DTS Migration Wizard, see the sidebar 
“Preparing for the Wizard.”) 

One of the biggest challenges involved 
with migrating DTS packages to SSIS 
arises when the DTS Migration Wizard 
cant convert a DTS component, such as 
a data pump that does more than copy 
column operations. In some cases, the 
converted SSIS package will retain a 
portion of the original DTS package, 
embedded in an Execute DTS Package 
task in SSIS. Other tasks, such as the 
Dynamic Property Task and some of the 
logic embedded in an ActiveX task, will 
need to be rewritten with SSIS function- 
ality. Each of the migration nuances will 
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Preparing for the Wizard 


The community has also contributed to the 
DTS migration process. One particularly valu- 
able published tool is called DtsToSsisPrepare 
(http://Avww.sqlbi.eu/). This DTS-focused 
upgrade tool prepares DTS packages before 
the DTS Migration Wizard runs. By converting 
universal data link (UDL)-based connections 
to hard-coded standard connections, consoli- 
dating connections created for parallelism, 
and resetting other DTS properties that the 
migration doesn’t support, packages run 
through the DTS Migration Wizard are much 
cleaner in SSIS after the initial preparation 
through DtsToSsisPrepare. 

InstantDoc ID 94113 


be identified by the Upgrade Advisor tool 
or discussed in the upgrade planning and 
preparation resources. 

Beyond just the migration resources 
that SQL Server 2005 provides in the DTS 
Migration Wizard and Upgrade Advisor, 
the software also includes support for 
DTS packages. For example, the \Manage- 
ment\Legacy folder in SQL Server 2005 
Management Studio (SSMS) includes a 
container for DTS 2000 packages, as you 
can see in Figure 2. These packages might 
have been included with the SQL Server 
relational engine upgrade; you can also load 
DTS packages after the upgrade into a SQL 
Server 2005 instance. 

With the DTS design tools installed for 
SSMS (available in the “Feature Pack for 
Microsoft SQL Server 2005 - April 2006” 
referenced earlier), you can modify DTS 
packages through SSMS and execute them 
on the server. Also, using the Execute DTS 
2000 Package Task included in the SSIS 
Control Flow, you can run DTS packages 
alongside SSIS packages, so you can move 
forward with SSIS packages while managing 
your migration incrementally. 


The Migration Wizard Output 

The reason DTS-to-SSIS migrations pose 
challenges goes beyond the fact that SSIS is a 
new product. Fundamentally, DTS and SSIS 
have different architectures. By settling for just 
a migrated package without then extending 
or rewriting parts of the package to take 
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DTS-to-SSIS Migration 


precedence requirements. Perhaps 
you even have hundreds of pack- 
ages that perform operations that 
are similar to this example. 

If you havent yet tested the DTS 
Migration Wizard, you might be 
wondering how much faster your 
DTS packages will perform after 
you migrate them to SSIS. The 
answer is that SSIS packages created 
by the DTS Migration Wizard most 
likely wont perform any faster than 
the original DTS package. If you've 
already performed a few tests, you 
might still be wondering why your 


migrated DTS packages dont per- 


> > FIGURE 3 A typical DTS package form much better in SSIS. 


advantage of SSIS functionality, you're settling 
for less. To be sure, you'd see immediate man- 
ageability advantages, but when it comes to 
performance and scalability, DTS architecture 
limitations would still be evident. 

Most DTS packages use an Extraction, 
Loading, and Transformation (ELT) model of 
data processing—a flip from true Extraction, 
Transformation, and Loading (ETL). In other 
words, data processing logic in DTS often 
relies on SQL Server to perform the business 
transformation logic, and to use SQL Server, 
the data first needs to be loaded into tables. This 
type of process can be relational database man- 
agement system (RDBMS)-intensive. TSQL 
can provide valuable support in an SSIS-based 
ETL process, particularly for set-based opera- 
tions, but when it comes to bulk operations 
and data transformations, DTS tends relies too 
heavily on SQL Server logic and is therefore 
often bound by disk I/O bottlenecks and 
synchronous processing. For example, consider 
this typical DTS package: Data is extracted 
from a flat file source where its landed to a 
staging table; a SOL Server update adds key 
relationships and repairs missing values; finally, 
the staged data is joined to a production table 
and loaded to the destination. 

In this typical package, which Figure 
3 illustrates, the extraction needs to be 
complete before performing the update, 
which then needs to be complete before 
the loading processes. You might have similar 
packages or even more complicated pack- 
ages with many staging and SQL Server 


The answer is in the package 
architecture. When you run the DTS Migra- 
tion Wizard, the output essentially generates 
a Control Flow—centric (or workflow-cen- 
tric) SSIS package that contains Data Flows 
with minimal to no transformations. If your 
DTS packages were workflow packages 
that coordinated the execution of SQL 
Server tasks or copy-column data pumps, 
your migrated packages in SSIS will have 
the same architecture, relying on the under- 
lying staging tables and RDBMS engine to 
perform the core of your logic. 
In both cases, DTS and SSIS are 
simply providing the coordina- 
tion of the data copies and SQL 
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packages execute the same steps in the same 
order and rely on the underlying relational 
engine to perform the transformation logic in 
an ELT-type process. 

Although performance is an important 
consideration, its only one of the many cri- 
teria to look for in an ETL tool. From the 
start, it will be easy to apply the new SSIS 
feature set to your migrated DTS packages. 
Many of these new features don't necessarily 
relate to performance but still provide great 
improvements in the areas of development 
administration and package control—for 
example, package configurations to share 
properties and connections, checkpoints 
to enable restartability, source control and 
debugging integration with Microsoft Visual 
Studio, environment-deployment tools, 
offline capabilities to ease development, 
conditional and logical-OR precedence 
constraints, built-in looping and Windows 
Management Instrumentation (WMI) inte- 
gration, and better backend Analysis Services 
and SQL Server 2005 support. 


Rethinking Your Data 

Processing in SSIS 

When it comes to performance and data 
processing, SSIS can do much more than 


"2 Migrated DTS Packages - Microsoft Visual... a |5| 
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Server-based logic. Similarly, if 
your DTS packages leveraged 
any transformation in the data 
pump, those data pumps would 
migrate as an Execute DTS 2000 


OrderProcessing.dtsx [Design ]* 
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^y Package Doi 


Package task and therefore still 
run under the DTS runtime 
engine. 

The DTS package that Figure 
4 shows, when run through the 
DTS Migration Wizard, generates 
several Data Flows and a couple 
of Execute SQL Tasks, matching 


directly to the DTS Data Pumps 


and DTS Execute SQL Tasks, 
respectively. In this simple example, 
the DTS package runs in almost 


exactly the same time frame that 


the migrated SSIS package runs. 
This behavior is expected: Both 
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FIGURE 4 Sample post-wizard DTS package 
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DTS-to-SSIS Migration 


DTS while providing better scalability. 
However, when just relying on the output 
of the DTS Migration Wizard, SSIS’s core 
data-processing features dont come into 
play (because of the nature of a DTS 
migration). This includes the SSIS Data 

Flow’s pipeline engine, which provides data 

transformations, cleansing, and performance 

beyond the capabilities of D'TSS staging and 

SQL Server-centric model. A few of the 

SSIS data flow advantages are: 

* In-memory data association of hetero- 
geneous sources using merge, union, 
and lookup capabilities 

* Text and data mining to provide 
insight into data relationships and text- 
field contents 

* Grouping and sorting for data aggrega- 
tions and ordering 

* Data routing and duplicating, which 
allow multiple destinations and filtered 
data inserts 

* Data cleansing to match data based on 
similarity 

* Additional adapters that integrate 


*: DTSRedesign - Microsoft Visual Studio 
Edt Wew frojet Buld Debug Data 


I" Contra rion [3 Data Tow al Trent anders | "s Package Dpi 


forme 582 ‘Tools Window 


, b. Developman 7 3x81. 
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XML, binary, SQL Server Mobile, 

OLE DB, ADO.NET, and other 

sources and destinations 

When you apply these advanced Data 
Flow features to your migrated DTS pack- 
ages, you'll unlock the muscle of SSIS. For 
example, suppose we redesign the afore- 
mentioned SSIS package to take advantage 
of the Data Flow in SSIS. Figure 5 shows a 
single Data Flow to handle the same logic 
present in the original DTS package and 
initial package following migration to SSIS. 
This redesigned package uses the 

memory-based Lookup, Merge Join, Aggre- 
gate, Sort, and Derived Column transforma- 
tions. This redesign reduces the synchronous 
steps involved in the prior architecture, and 
because of the memory-based architecture 
of the SSIS pipeline, also reduces the disk 
T/O. Overall, this redesigned sample package 
runs about 40 percent faster than the 
migrated package. Also compelling is that 
when you track the Physical Disk counters, 
the redesigned package uses 50 percent 
less disk I/O, and in fact also reduces the 
average processor utilization from 
35 percent to 25 percent, allowing 
more headroom for other pro- 
cesses and packages to run on the 
-x| same server. 
So, are data-staging tasks no 


Data Fiss Task: W Date Flew Task 


longer required? In many cases, 


> » FIGURE 5 Redesigned SSIS package 
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staging data isn't necessary but 
a few situations merit their use. 
For example, staging can help ful- 
fill data-validation requirements, 
provide a point-in-time capture 
of a volatile source, or help align 
sources in which the extraction 
times dont overlap. SQL Server 
can also provide valuable func- 
tionality with set-based updates or 
deletes, recursive operations, and 
ETL auditing and administrative 
tasks. When deciding on staging 
data in your migrated packages, 
ask, “Which staging or SQL 
Server steps were used because 
of the DTS based architecture?” 
and “For these steps, how can I 
leverage the SSIS Data Flow?” It’s 
true, however, that the net effect 
will be a reduction in staging and 
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sequential SQL Server tasks and lead to an 
overall increase in server scalability and a 
reduction in processing times. 


Getting to SSIS 


As you consider a migration, what are the 
repercussions of these developments for 
your DTS environment? First, moving from 
DTS to SSIS doesn’t have to be an overnight 
event—particularly if you have dozens or 
hundreds of packages in your environment. 
SQL Server 2005 supports DTS package 
design and execution, opening up the oppor- 
tunity for a rolling migration with a tempo- 
rarily mixed DTS-and-SSIS environment. 

Second, you would do well to take advan- 
tage of the available resources that can help 
you plan your migration and prepare your 
DTS packages for the migration. Training is 
also available. Microsoft has just released its 
SSIS curriculum, and SQL Server partners 
also offer excellent material. 

When it’s time to move your packages to 
SSIS, the DTS Migration Wizard provides 
a good first step in the process but might 
require some minor workarounds and 
modifications to get packages running in 
SSIS. However, once your packages are in 
SSIS, you should focus on two general areas 
for improvement: first, project, package, 
and control flow capabilities to enhance 
package development and administration, 
and second, Data Flow features to improve 
data associations, cleansing, and other trans- 
formations. Because SSIS supports improved 
development and testing features, it will 
make your changes easier and you'll soon be 
able to leverage the improved SSIS features 
and architecture. 

When youre done, you'll deserve to 
take a breather. The good news is that once 
your environment is migrated to SSIS, you'll 
be better positioned for the future with a 
solid architecture and better tools to make 
administration and development easier. And 
take heart: Future upgrades will be much 

[SQL 
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easier. 


Erik Veerman (erik@solidqualitylearning.com) is a 
SQL Server MVP and mentor for Solid Quality Learning, focusing 
on training, mentoring, and architecting solutions on the SQL 
Server BI platform. He is coauthor of Professional SQL Server 
2005 Integration Services (Wiley). 
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Comparative 
Review 


bu Michael K. Campbell 


Editing T-SQL. The Road 
to Perfection 


A comparative review of T-SQL editors 


all me crazy, but I’ve always preferred using the native tools that ship with SQL Server. 

With SQL Server 2000, Enterprise Manager always served my needs from an administra- 
tors perspective (even though I still shriek if I see someone trying to edit code with it), and 
I've always been extremely happy both as an admin and a developer with Query Analyzer 
as a T-SQL editor. Likewise, SQL Server Management Studio (SSMS) serves me quite well 
with SQL Server 2005, even though as an avid .NET developer I’m crushed that it wasn’t 
able to deliver on the Intellisense and collapsible code regions promised back in the early days 


(when SSMS was called “SQL Workbench"). 

I’ve tried using third-party editors and 
management solutions in the past, but 
they've never really held my attention. If it 
weren't for the fact that I was so eager to 
make the transition to SQL Server 2005, 
I'd have to wonder if I’m not too set in my 
ways because I show very little inclination 
toward learning how to use third-party 
tools. I think my major issue is that I like 
SQL Server so much that I'm particularly 
reluctant to let any non-native tool take 
focus away from my constant thirst to learn 
more about it. My hunch, however, is that 
I'm in good company, and I’m confident 
that many other T-SQL developers (and 
pro-scripting DBAs) prefer using native 
tools themselves. 

In this article, therefore, I've looked at 
each of the T-SOL editors under review 
with a very critical eye. Prior to evaluating 
each of these solutions, I decided that 
although Td likely be wowed by various 
features and points of functionality, che most 
important criterion I'd be using to judge 


each editor, after learning how it worked, 
was the degree to which I'd consider using 
it rather than the native SQL Server tools. 
You'll find additional information about 
features for all three products in Table 1, page 
42. 


Embarcadero Technologies 
Rapid SQL 7.4 

I’ve used previous versions of Rapid SQL, 
although I was usually too busy to give the 
tool much of a chance. During the course 
of this review I was glad to note a number 
of changes to the Rapid SQL interface, and 
I was also happy to realize that many of my 
perceptions about the tool needed to be 
seriously amended. 

Embarcadero makes downloading and 
testing Rapid SQL 7.4 a painless process 
by providing a fully functional 14-day 
trial version of the product on its Web site. 
Installation went without a hitch, and I was 
easily able to connect to my servers and 
begin writing code. Upon connecting to 
one of my servers, I took immediate note 


Xx Aeshen is the official product review lab for Windows IT Pro and 


ESHEN. 


SQL Server Magazine. To learn more, go to http://www.aeshen.com/lab 
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of the ways in which Rapid SQLs Object 
Explorer outshines the functionality pro- 
vided by SOL Server and SSMS (as well 
as the other two products reviewed in this 
article). Unlike other Object Explorers, 
which are merely hierarchical in nature, 
Rapid SQL provides the same hierarchical 
approach but also groups objects by types 
that are more easily and readily accessible—a 
nice feature, as Figure 1, page 40, shows. 

Although I found the UI intuitive, I wasn’t 
happy with having to click between tabs 
to toggle between my SQL statements and 
result-sets. The manual for Rapid SQL weighs 
in at a hefty 940-plus pages (9.5MB as a .pdf 
file), but I wasnt able to easily find a way to 
"toggle" my results into the primary tab I was 
working in. Despite this small inconvenience, 
Rapid SOL performed admirably and was 
consistently quick and responsive. 

Rapid SQLs main strength is in pro- 


EMBARCADERO TECHNOLOGIES 
RAPID SQL 7.4 
PROS: Heterogeneous database support; 


code autoformatting, syntax highlighting, and 
Source Control integration 


CONS: No support for graphical execution 
plans and no Intellisense; Ul is a bit rugged; 
extremely unresponsive sales team 


RATING: XK 


PRICE: Starts at $995 for the single-platform 
Pro version and $2895 for multiplatform Pro 
versions 


RECOMMENDATION: Would be an asset in 
heterogeneous environments but isn’t a viable 
substitute for native SQL Server development 
tools. 


CONTACT: Embarcadero Technologies e 
415-834-3131 e http://www.embarcadero.com 


Michael K. Campbell (hitp.//sqladvice.com/ 
blogs) is an experienced DBA and database developer with more 
than seven years of experience with SQL Server. 
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DTM DATABASE TOOLS DTM SQL 


EDITOR 2.02 ENTERPRISE EDITION 
PROS: Pluggable architecture: editor can 
be combined with other tools and options; 
heterogeneous database support 


Comparative Review 


F3 imbarcade: tepid SOL 7.4.0 [SOC 9.5gl *  'AURAXUSM deeetureMWorks] 


CONS: Schema extraction and export 
functionality wouldn't work in testing; interface 
is a bit rugged; tool could use some additional 
functionality 


RATING: YX YX YX Y4YY 


PRICE: $275 for Enterprise Edition; plug-ins 
available at extra cost 


RECOMMENDATION: Would be at home 

in enterprises needing to manage multiple 
platforms. The functionality and interface rank 
below that of the other two products but the 
price is drastically cheaper. 


CONTACT: DTM Database Tools e 
http://www.sqledit.com 
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than the installers for the other products 

rr — z TH under review. Connecting to a database with 

—- pr : i ' — D'TM SQL editor was a bit more involved 
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than connecting with the other SOL editors, 

LLL but that’s because of the great support DTM 

SQL editor provides for heterogeneous data 

sources, including file-based databases. The 


ABA AO. ISUa deer Lures] mpe BG 


> > FIGURE | Rapid SQLs hierarchical approach to object grouping 
viding a solid development IDE for het- 


erogeneous database platforms. As a T-SQL 
editor, Rapid SQL provides decent syntax 
highlighting and even offers collapsible 
code regions and autoformatting function- 
ality—both big wins. However, despite all of 
the strengths that Rapid SQL has to offer, 
especially in heterogeneous environments, I 
dont think I'd use it in place of a dedicated 
T-SQL editor in a purely SQL Server envi- 
ronment. I cant really explain why, mostly 
because (from this perspective only) Rapid 
SQL doesnt really provide anything that 
would compel me to ditch all of the time 
and energy I’ve invested in mastering the 
native SQL Server tools that I already use. 


DTM Database Tools DTM SQL 
Editor 2.02 Enterprise Edition 
Prior to this review, I had never heard of 
DTM Database Tools DTM SQL editor, 
so taking it for a spin was a complete trip 
into the unknown for me. DTM SQL editor 
provided a fine user experience, although I 
did run into a couple of unresolvable prob- 
lems with its export functionality. Despite 
that, however, the tool was very responsive 
and provided an intuitive interface, although 
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its documentation is extremely light. 
Installation of DTM SQL editor went 
flawlessly and completed far more quickly 


Object Explorer provided by DTM SQL 
editor offered a different mix of detail than 
what l'm used to from Query Analyzer 
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> > FIGURE 2 DTM SQL editor’s Object Explorer 
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> > FIGURE 3 ApexSQL Edit's user-friendly UI 


and SSMS, as Figure 2 shows, but provided 
decent coverage of objects, despite the lack 
of a dedicated node for user-defined func- 
tions (UDFs), which you access via the 
PROCEDURES node in this product. 

DTM SQL editors main strength lies in 
its pluggable, or extensible, architecture. Out of 
the box, DTM SQL editor provides function- 
ality that puts it in the same league with the 
other products compared in this article (albeit 
at the lower end).What sets DTM SQL editor 
apart is its affordable price tag and ability to 
“bolt on” additional functionality through the 
use of pluggable modules. Modules range in 
price from around $79 to $149 and include 
complex export functionality as well as the 
ability to generate test data, run load tests, or 
document existing schema. 

In terms of code editing, DTM SQL 
editor doesn’t provide autoformatting, and 
syntax highlighting was rudimentary. The 
product does provide Intellisense, but I found 
it to be cumbersome at some points—the 
supplied list of objects was in a fixed-width 
window that didn’t let me see which table 
I was accessing when the schema name was 
particularly long. 

Overall, DTM SQL editor has some 


definite strengths that revolve mostly around 
interacting with heterogeneous data sources. 
Accordingly, I'd be happy to use the product 
if I were in a highly diversified environment 
(and DTM SQL editor compares favorably 
with Rapid SQL, especially with respect to 
price), but in a purely SQL Server environ- 
ment, I wouldn't switch to it as 


a T-SQL editor. 


SQL SERVER: 


ApexSQL Tools 

ApexSQL Edit 2005.02 

Unlike Rapid SQL and DTM SQL editor, 
ApexSQL Edit is a solution that has been 
specifically targeted to SQL Server. For me, 
this difference was immediately apparent. 
Installing and setting up ApexSQL Edit 
was a smooth process. Upon opening the 
editor, I was surprised at how polished and 
user-friendly the UI, which you can see in 
Figure 3, is. I also appreciated that many of 
the keyboard shortcuts that I have come to 
know and use with Query Analyzer and 
SSMS are included in ApexSQL Edit. 

The Object Explorer that ApexSQL Edit 
provides exposes a wide variety of objects, 
matching very closely the richness found 
in Rapid SQL. I found interacting with 
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ApexSQL Edit to be a real joy—everything 
opened quickly, and I never got the impres- 
sion that I was waiting on anything while 
editing, querying, or interrogating objects. 
Of all the SQL editors I’ve tried 
(including a few in addition to those in 
this review), ApexSQL Edit has the best 
Intellisense. In fact, I found myself thinking 
that ApexSQL Edit offers more of a "Visual 
Studio" feeling to editing T-SQL than SSMS 
does, which is terribly ironic. Overall, I was 
pleased by ApexSQL Edit’s code formatting, 
syntax highlighting, collapsible code regions, 
and Intellisense. I also enjoyed its particular 
approach to the use of code snippets, as 
well as its approach to using quick replace- 
ments—custom tokens that you can easily 
configure for immediate substitution as you 
type. (For example, if I type “!loj”—muinus 
the quotation marks—my text would be 
immediately replaced with LEFT OUTER 
JOIN after I put a space after the final ^) 
ApexSQL Edit also offers a plethora 
of output and result-set filtering options, 
which analysts will likely find attractive. 
ApexSQL Edit also offers native support for 
NUnit integration, making unit testing an 
easy possibility from directly within the tool 
itself. There’s even a handy “auto-rollback” 
mode you can enter by toggling a button 
in the IDE that will automatically roll back 


APEXSQL TOOLS APEXSQL EDIT 
2005.02 

PROS: Polished and intuitive interface; 
excellent snippet, Intellisense, and code- 
outlining functionality; provides excellent 
editing functionality and advanced source- 
control and testing functionality 


CONS: No support for T-SQL templates 
RATING: YX YX YX YX Y 


PRICE: Starts at $349; volume discounts are 
available 


RECOMMENDATION: Powerful and well- 
executed enough to be considered a true 
replacement for Query Analyzer and SQL Server 
Management Studio. 


CONTACT: Apex SQL Tools e 919-968-8444 e 
http://www.apexsql.com 
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TABLE | Features Comparison 


Feature Grave) Apex SQLEdit Embarcadero DTM SQL Notes 
2005.02 Rapid SQL 7.4 Editor 2.02 - 
any SQL statement you execute—a feature Enterprise 
I found a lot handier than I would have Edition 
expected Works with SQL Server 2005 Y Y Y 
I really didnt find any negatives in Multiple code/editing Windows — Y bi Y 
ApexSQL Edit: Its a great tool, which is Keyboard-shortcut toggling Y Y N 
p g 
why I’ve designated it as my Editors Choice. EME SUL 
l : à ; : Syntax highlighti Vu Y Y 
I did notice that it has an annoying habit of METER PE E 
switching database context back and forth Auto-indenting* Y y Y * Le., remembers tab position 
Code autoformatti M Y N 
between the current database and the tempdb peer eee 
when executing queries, but other than that, | ede autoformat options Y y 3 
the product behaved flawlessly during my Pretty-Print formatting Y N N 
trials. I'd therefore highly recommend that | Intellisense Y N ys * Very rudimentary; almost an impediment 
any T-SQL developer take ApexSQL Edit for 
a spin. I'd consider recommending it as a suit- | Collapsible script outlining Y x N 
able replacement for SSMS and even, possibly, | Code snippets support Y Y Y 
for Query Analyzer. SQL script library Y N N 
: Set and navigate bookmark Y Vf Y 
Desert Island Picks locations 
I had a good time evaluating the editors |  Eecutehighlighted text/code only Y y v 
reviewed in this article. They're all solid Support for T-SQL templates — Y N N 
tools in their own right, but only one of Object Explorer Y Y Y 
them really has the focus necessary (in my TUBES: Y Y N 
mind) to compete with Query Analyzer 
) comps Q y aly Extract/generate scripts for data- Y* M Mrs * Can't script database, only child objects. 
and, to a lesser extent, SSMS. On the one base objects ** Could not get this functionality to work 
hand, Embarcadero’s Rapid SQL and DTM Graphical execution plans Y N N 
Database Tools’ DTM SQL editor are both Object search Y Y Y 
focused heavily on the same market and | V mem 7 5 7 
are suited to DBAs and ad hoc developers ANTA 7 7 7 
$ è It table/live data 
who spend a lot of time in heterogeneous 
environments. ApexSQL Edit, on the other eer i SSS N N 
withi l I 
hand, has been targeted toward only one Disconnanted-ediiine Y Y Y 
latform, and that focus shows. I didnt 
d m : i A . . Edit connection properties ia * Provides ability to change Query Timeout 
anticipate, prior to working on this review, and a few other options; nothing similar to 
that I'd ever find a T-SQL editor that I Query Analyzer or SSMS 
could like enough to compare with Query | Native debugging support s. " i 
Analyzer or SSMS. ’m not 100 percent Query logging Y Y Y 
convinced that ApexSQL Edit is better than Heterogeneous database support N Y Y 
either of those tools, but I do feel confident metad iaa Y Y Y 
in placing it in the same ballpark. I can see 
P D MS P ; Built-in Sproc Unit Testing Y N N 
myself potentially complaining that there is support 
no ubertool to combine the best features and Generate test data Y N y* * Requires DTM DataGenerator ( +$159) 
functionality of SSMS, Query Analyzer, and Load tests/benchmarking N Ys Yar 5 RapidSQL Pro comes with Code Analysis 
ApexSQL Edit, but in terms of code editing, e rm 
: j equires tress (+ 
I'm sure Id be fine if left on a desert island : 
: Test Runs (auto rollback) M N N 
with any of the three. If you knew how : T z z : 
xport to 
much of a curmudgeon I am, you'd under- à 
stand why thats a huge compliment to the OD y i i 
folks at ApexSQL. SOL Export to FlatFile Y Y Y 
InstantDoc ID 94223 Export to Excel N n Y 
Export to DumpFile N N Y 
Additional export options N Y Ya * Requires DTM QueryReporter (+ $79) 
Advanced cell copy options Y y 
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Got a great new product? 
Send announcements to products@sqlmag.com. 


New Products 


AUDITING AND COMPLIANCE 


Blake Eno (products windowsitpro.com) is product editor for Windows IT Pro and SQL Server Magazine. 


Tizor Systems announced Mantra 4.0, an appliance that provides real-time auditing and 
protection for all data that resides on a database, a file server, or a mainframe application. 
Mantra supports major database vendors such as SQL Server and IBM DB2 and now 
supports legacy mainframe database environments. The product includes agentless local 
auditing technology that tracks all user activity, whether on the network or a local-access 
terminal, and is transparent to users. Enhanced reporting capabilities allow for customiz- 
able automated-report generation and distribution and support for PDE HTML, XML, 


and comma-separated value 
(CSV) formats. For more 
information, contact Tizor 
Systems at 978-243-3200, 
800-231-8224, or http:// 


www.tizor.com. 


AUDITING AND COMPLIANCE 


Normalize Audit Data 

from Different Database Plat- 
forms 

SoffTree Technologies announced updates 
to its flagship product, DB Audit Expert, that 
provide new enterprise-class support for 
centralized audit repositories. The software 
lets you streamline auditing and compliance 


Tizor Systems Mantra 4.0 


operations by using a central repository for 
SQL Server, Oracle, IBM DB2, and Sybase 
databases. Unified alerting and reporting 
capability lets DB Audit Expert monitor and 
report on (including alerting) all data access, 
updates, data structure modifications, and 
changes to security permissions from one 
location. Pricing for DB Audit Expert starts 
at $329 per database server instance. For 
more information, contact SoftTree Tech- 


BUSINESS INTELLIGENCE 


Integrate BI into SOL Server 2005 Reporting Services 


Business Objects announced that 
Crystal Xcelsius Workgroup, a visual 
design tool that lets you transform com- 
pany data into interactive presentations 
and business dashboards, now includes 
point-and-click connectivity to SQL 
Server 2005 Reporting Services (SSRS). 
This capability lets you extract data 
relationships and project possible future 
business performance. You can share 
your dashboards and models through 
Microsoft Word, Outlook, PowerPoint 
or via PDF format and distribute 
them over the Web through Microsoft 
SharePoint Portal Server 2003. Contact 


Business Objects Crystal Xcelsius Workgroup Business Objects at 866-681-3435 or 


http://www.businessobjects.com. 
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nologies at 800-289-9256 or http://www 
.softtreetech.com. 


BUSINESS INTELLIGENCE 


Leverage the Power of Micro- 
Soft Bl 


ICS announced that its business intelligence 
(BI) solution, RSinteract, extends its reach 
to support SOL Server Analysis cubes and 
the SQL Server 2005 Unified Dimensional 
Model. RSinteract builds on SQL Server 2005 
Reporting Services (SSRS) to put information 
in the hands of nonspecialist users. As a server- 
based Web application, RSinteract requires 
no client software or plug-ins. RSinteract lets 
business users with a standard Web browser 
build new SSRS reports or customize existing 
reports on any relational or OLAP data source 
defined in SQL Server 2005/2000 without 
specialized training. For more information, 
contact ICS at info@rsinteract.com or http:// 


www zsinteract.com. 


DATABASE TOOL 


Secure Data and Support 
Compliance 


Embarcadero Technologies announced 
Embarcadero ER Studio 7.1, a data archi- 
tecture and database design solution that 
discovers, documents, and reuses data assets 


" ER/Studio 
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Embarcadero Technologies Embarcadero 
ER/Studio 7.1 
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through visual data models. ER/Studio’s 
improved identification, classification, and 
communication of policies for sensitive 
data help support regulatory compliance 
and reduce the risk of inappropriate data 
access. New ER/Studio properties catego- 
rize and label data and objects according to 
the level of security and privacy that should 
be applied to them. For more informa- 
tion, contact Embarcadero Technologies at 


415-834-3131, sales@embarcadero.com, or 
http://www.embarcadero.com. 


JOB MANAGEMENT 


Easily Monitor and Manage 
SOL Server Jobs 


Argent Software announced Argent Job 
Scheduler 5.0, software to help manage and 
monitor SQL Server jobs. Job Scheduler 
manages and maintains all SQL Server jobs 
from one interface and uses SQL Server 
for its back-end database storage system 
to make historical data and performance 
information easy to access. You can create 
customized action plans for each job you 
create. Job Scheduler can send email, pager, 
or Short Message Service (SMS) notifica- 
tions to you when jobs fail, run late or 
too long, or use too much CPU time. The 
software can generate job reports to map 
how certain jobs perform over the course of 
weeks or months. Job Scheduler is scalable, 
allowing you to manage 1 or 1000 SOL 
Server machines. For more information, 
contact Argent Software at 860-674-1700, 


281-239-8780, or http://www.argent.com. 


SECURITY 


Ecalenale announced dbLockdown 2.0, 
an encryption solution that helps you secure 
your SQL Server 2005 and SQL Server 2005 
Express Edition scripts. dbLockdown’s inter- 
face lets you view all database objects across 
your enterprise and Internet servers.You can 
then encrypt stored procedures, views, user- 
defined functions (UDFs), database triggers, 
and server triggers in any number of servers 
and databases. dbLockdown automatically 
archives each database object it encrypts 
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for easy restoration. dbLockdown also lets 
you edit T-SQL scripts for database objects. 
For more information, contact Ecatenate at 


support@ecatenate.com or at http://www. 


ecatenate.com. 


STORAGE 


its able to automatically resume its share of 
the storage workload. For more information, 
contact ScaleOut Software at 503-643-3422, 


sales@scaleoutsoftware.com, info@scaleout 
software.com, or http://wwwscaleoutsoft 


ware.com. SOL 
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E stateServer Consote 


ScaleOut Software an- 
nounced updates to its flagship 
product, ScaleOut StateServer, 
which installs as a software 
service and provides work- 
load data storage for Micro- 
soft .NET server farms. New 
enhancements ensure contin- 
uous uptime in difficult con- 
ditions such as server failures. 
ScaleOut StateServer auto- 
matically balances the amount 
of storage that each server in 
a farm uses. When a server 
fails, the ScaleOut StateServer 
service retrieves the servers 
session objects from replicas 
stored on other servers and 
creates new replicas. When 
the server comes back online, 
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Insights from the SQL Server industry 


Industry 


Briefings 


IT Staff Derailed by 
Application Delays; Symantec 
Offers Monitoring Solution 


This past summer, Symantec (http://www.symantec.com) noticed that its customers 
and their Web application users were reporting a common pain point: Application slow- 
downs were affecting productivity. The company needed a way to verify what it thought 
it was hearing from its customers, so it commissioned Applied Research to conduct 
a survey on the topic. The results confirmed Symantec’s suspicions, revealing that as 
much as 24 percent of IT staff time is devoted to addressing business application perfor- 
mance delays. That’s a heavy drag on resources that, over time, can result in dramatically 
reduced productivity and morale. Additionally, for users of Web applications, who have 
high expectations of application availability, slow performance can cause them to take 
their business to another company. For organizations that depend on their Web business, 
solving performance problems is crucial. 

Symantec Server Foundation and APM Product Group Vice President Henri Isenberg 
told our editors that Symantec’s i3 application performance monitoring software addresses 
this common problem by taking a proactive approach. The software lets you monitor 
data at all tiers and put the results into a central repository so that you can see application 
performance across tiers. The agent-based software lets a CIO pinpoint the place where 
slowdowns start so that a specialist for that tier can address the problem quickly—before 


the company loses business. 


DataDirect’s XQuery Provides 
XML Collaboration 

In some organizations, as much as 80 per- 
cent of code that DBAs write is to enable 
different types of data access. Jonathan 
Robie, a technology leader at DataDirect 
Technologies (http://www.datadirect.com), 
shared this statistic with our editors. Robie 
explained that today’s Web services must 
handle a diverse workload. From the rela- 
tional database engine to XML documents, 
EDI messages, Web services, Asynchronous 
JavaScript and XML (Ajax), and dynamic 
HTML, multiple chents need to access data 
from multiple sources in an ever-expanding 
array of formats. The complexity of data 
access increases when different developers 
write different data-access solutions. How 
do you get all the pieces to work together? 
XQuery 1.0 language is the common 
denominator. The World Wide Web Con- 
sortium (W3C) derived XQuery 1.0 from 
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—Dawn Cyr 


the XPath expression language. Both lan- 
guages use the same syntax for path expres- 
sions. XQuery queries XML documents, 
much like SQL queries relational data. 
The DataDirect team saw that what DBAs 
needed to make their Web services more 
efficient was a way to make every language 
talk to XQuery—so they created a conver- 
sion product that did just that. 

DataDirect XQuery is an implementa- 
tion of XQuery that can query XML, 
relational data, SOAP messages, EDI, or 
a combination of data sources while sup- 
porting the XQuery for Java API (XQJ) 
and all major relational databases. According 
to Robie, what makes DataDirect XQuery 
unique is that DataDirect XQuery is plat- 
form-agnostic; it runs on any Java-based 
platform. DataDirect’s newest version of the 
product, XQuery 2.0, includes a streaming 
XML adapter for reducing the amount 
of memory needed to process large XML 
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documents, performance enhancements, 
and configurable scalability options. 
—Dawn Cyr 


Unicenter Brings “SPG” back to 
Network Management 

In the past, "single pane of glass"—Nwhere 
network alerts, reports, and monitoring data 
all come to a centralized console—was the 
ideal configuration for network manage- 
ment. More recently, the accepted wisdom 
may be that network systems are too com- 
plex to be reduced to just one management 
endpoint. However, IT pros in both the 
security information and storage manage- 
ment fields still consider single-pane-of-glass 
management functionality highly advanta- 
geous, and it appears as if that trend in desir- 
ability is returning to network management 
as well. Witness the addition of a single, 
unified UI console to CA’s (http://www 


.ca.com) service and systems management 


solution: Unicenter Network and Systems 
Management (NSM) r11.1. 

According to Dayton Semerjian, senior 
vice president of operations at CA, Uni- 
center NSM r11.1 “ties everything together” 
with one screen that shows alerts, network 
functionality, and relationships between 
different systems. It gives administrators a 
holistic view of the enterprise that helps 
them simplify the complexity of large sys- 
tems. The benefits of this unified view are 
improved service, increased productivity, and 
the ability to more quickly find the cause of 
root problems. 

In CA’ latest release of Unicenter NSM, 
troubleshooting root problems is enhanced 
by r11.15 leverage of SQL Server as a plat- 
form for the management database. Because 
r11.1 sits on SQL Server, it can integrate 
with other SQL Server-based, CA, and 
third-party management solutions. With 
management data stored in a common 
management database, administrators can 
troubleshoot and resolve problems faster and 
more efficiently. SOL 

—Caroline Marwitz 
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SQL Server Log Files 


wW you think about SQL Server log files, you might think first of the transac- 
tion log, which records recent database transactions and is used to ensure database 


integrity in the event of a system restore. However, many other log files also help to 
diagnose and troubleshoot problems. Here are five log files that play important roles in 


SQL Server 2005. 


SQL Server Setup Log 

You might already be familiar with the 
SQL Server 2005 Setup log, which is 
located at %ProgramFiles%\Microsoft SQL 
Server\90\Setup Bootstrap\LOG\Sum- 
mary.txt. If the summary.txt log file shows a 
component failure, you can investigate the 
root cause by looking at the components 
log, which you'll find in the %Program- 
Files%\Microsoft SQL Server 90NSetup 
Bootstrap LOG Elles directory. 


: SQL Server Profiler Log 

SQL Server Profiler, the primary applica- 
tion-tracing tool in SQL Server 2005, cap- 
tures the system's current database activity 
and writes it to a file for later analysis. 
You can find the Profiler logs in the log 
tre file in the %ProgramFiles%\ Microsoft 
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SQL Server\MSSQL.1\MSSQL\LOG 
directory. 


~ SQL Server Agent Log 

SQL, Server 2005’s job scheduling sub- 
system, SQL Server Agent, maintains a 
set of log files with warning and error 
messages about the jobs it has run, written 
to the %ProgramFiles%\Microsoft SOL 
Server MSSQL.1NMSSQLALOG direc- 
tory. SQL Server will maintain up to nine 
SQL Server Agent error log files. The 
current log file is named SQLAGENT 
.OUT, whereas archived files are numbered 
sequentially. You can view SQL Server 
Agent logs by using SQL Server Manage- 
ment Studio (SSMS). Expand a server 
node, expand Management, click SQL 
Server Logs, and select the check box for 


SQL Server Agent. 


~ Windows Event Log 

An important source of information for 
troubleshooting SQL Server errors, the 
Windows Event log contains three useful 
logs. The application log records events in 
SQL Server and SQL Server Agent and 
can be used by SQL Server Integration 
Services (SSIS) packages. The security log 
records authentication information, and 
the system log records service startup and 
shutdown information. To view the Win- 
dows Event log, go to Administrative Tools, 
Event Viewer. 


SQL Server Error Log 

The Error Log, the most important log 
file, is used to troubleshoot system prob- 
lems. SQL Server retains backups of the 
previous six logs, naming each archived log 
file sequentially. The current error log file 
is named ERRORLOG.To view the error 
log, which is located in the %Program- 
Files%\Microsoft SQL Server\MSSQL.1\ 
MSSQL\LOG\ERRORLOG directory, 
open SSMS, expand a server node, expand 
Management, and click SQL Server Logs. 
E 
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manage, administer and control your SOL Server enterprise. Monitor database 


performance in real-time. Kill locks, blocks, freezes and stops with a flick of your 
wrist. Backup databases faster than a speeding bullet. Master the forces of auditing WWW. id era.com 
and compliance. Scale and roll-out new applications with ease. Whatever your 


challenge, Idera's products are battle-proven, easy-to-use, and are guaranteed 


to provide remarkable results. And... even mere mortals can have our products 


This aplication is bu I on 
‘Microsoft’ SQL Server’ 2005 
utwceifsocunrfrotrunnor ex 


installed in minutes, configured in hours, and deployed worldwide in days. 


of any of Idera's tools for SOL Server Superheros today! 


" 


2c 4 


9 
www.red-gate.com/backuppro or call 1.866.REDGATE [ p d-gate 


